Loading ...

Analysis Report

Overview

General Information

Joe Sandbox Version:21.0.0
Analysis ID:444579
Start time:13:34:50
Joe Sandbox Product:Cloud
Start date:22.11.2017
Overall analysis duration:0h 10m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Analysis system description:Windows 7 (Office 2010 SP2, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • GSI enabled (VBA)
  • GSI enabled (Javascript)
Detection:MAL
Classification:mal52.phis.win@3/64@18/4
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Browsing: http://dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
  • Browsing link: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm
  • Browsing link: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm
  • Browsing link: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htm
  • Browsing link: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htm
  • Browsing link: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htm
  • Browsing link: http://www.viewdocsonline.com/whylogin.php?height=400&width=550
  • Browsing link: http://www.viewdocsonline.com/mydocs.php?height=350&width=550
  • Browsing link: http://www.viewdocsonline.com/support.php?height=400&width=550
  • Browsing link: http://www.viewdocsonline.com/blog
  • Browsing link: http://www.viewdocsonline.com/about.php?height=350&width=550
  • Browsing link: http://www.viewdocsonline.com/terms.php?height=400&width=550
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, WmiApSrv.exe
  • Execution Graph export aborted for target iexplore.exe, PID 3360 because there are no executed function
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.


Detection

StrategyScoreRangeReportingDetection
Threshold520 - 100Report FP / FNmalicious


Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Sample HTTP request are all non existing, likely the sample is no longer working
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Signature Overview

Click to jump to signature section


Phishing:

barindex
META author tag missingShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: No <meta name="author".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: No <meta name="author".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: No <meta name="author".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: No <meta name="author".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/blogHTTP Parser: No <meta name="author".. found
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: No <meta name="author".. found
META copyright tag missingShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: No <meta name="copyright".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: No <meta name="copyright".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: No <meta name="copyright".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: No <meta name="copyright".. found
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/blogHTTP Parser: No <meta name="copyright".. found
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: No <meta name="copyright".. found
HTML title does not match URLShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/blogHTTP Parser: Title: Manage Your Domain - Login does not match URL
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: Title: Manage Your Domain - Login does not match URL
Suspicious form URL foundShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: Form action: yahoo.php
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: Form action: yahoo.php
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: Form action: yahoo.php
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: Form action: yahoo.php
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/blogHTTP Parser: Form action: yahoo.php
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: Form action: yahoo.php
HTML body contains low number of good linksShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: Number of links: 0
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: Number of links: 0
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: Number of links: 0
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: Number of links: 0
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/blogHTTP Parser: Number of links: 0
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: Number of links: 0
None HTTPS page querying sensitive user dataShow sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmHTTP Parser: Has password / email / username input fields
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmHTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/terms.php?height=400&width=550HTTP Parser: Has password / email / username input fields
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmHTTP Parser: Has password / email / username input fields
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmHTTP Parser: Has password / email / username input fields
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmHTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/whylogin.php?height=400&width=550HTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/mydocs.php?height=350&width=550HTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/support.php?height=400&width=550HTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/blogHTTP Parser: Has password / email / username input fields
Source: http://www.viewdocsonline.com/about.php?height=350&width=550HTTP Parser: Has password / email / username input fields
Phishing site detected (based on logo template match)Show sources
Source: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmMatcher: Template: yahoo matched with 71%

Networking:

barindex
Downloads filesShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm
Downloads files from webservers via HTTPShow sources
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/index.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/index.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: www.dinartedamaso.com
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/jquery.css HTTP/1.1Accept: text/css, */*Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/thickbox-3.css HTTP/1.1Accept: text/css, */*Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/main-1.css HTTP/1.1Accept: text/css, */*Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/ga.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/main-1.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/tooltip-5.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/all.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/logo.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/yahoo.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/aol.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/gmail.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/hotmail.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/other.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/stemb.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/stemt.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/l.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/rb.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/b.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/lb.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/r.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/rt.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/loadingAnimation.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN_002.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/t.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/lt.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/tip_balloon/background.gif HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /images/sprites/filetypes.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/YLogin.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: www.viewdocsonline.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/View_files/download.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /R-viewdoc/Re-viewdoc/ALogin.htm HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dinartedamaso.comDNT: 1Connection: Keep-Alive
Found strings which match to known social media urlsShow sources
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://ie.search.yahoo.com/os?appid=ie8&amp;command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.ar.search.yahoo.com/os?market=ar&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.au.search.yahoo.com/os?market=au&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.ca.search.yahoo.com/os?market=ca&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.de.search.yahoo.com/os?market=de&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.e1.search.yahoo.com/os?market=e1&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.es.search.yahoo.com/os?market=es&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.fr.search.yahoo.com/os?market=fr&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.hk.search.yahoo.com/os?market=hk&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.id.search.yahoo.com/os?market=id&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.in.search.yahoo.com/os?market=in&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.it.search.yahoo.com/os?market=it&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.mx.search.yahoo.com/os?market=mx&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.my.search.yahoo.com/os?market=my&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.nz.search.yahoo.com/os?market=nz&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.ph.search.yahoo.com/os?market=ph&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.qc.search.yahoo.com/os?market=qc&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.sg.search.yahoo.com/os?market=sg&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.th.search.yahoo.com/os?market=th&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.tw.search.yahoo.com/os?market=tw&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.uk.search.yahoo.com/os?market=uk&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <SuggestionsURL>http://sugg-ie.vn.search.yahoo.com/os?market=vn&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ar.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ar.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ar.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ar.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ar.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://au.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://au.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://au.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://au.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://au.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://br.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://br.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://br.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://br.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ca.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ca.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ca.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ca.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ca.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://cf.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://cl.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://cl.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://cl.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://co.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://co.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://co.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://de.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://de.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://de.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://de.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://es.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://es.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://es.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://es.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://espanol.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://espanol.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://espanol.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://espanol.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://fr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://fr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://fr.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://fr.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://hk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://hk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://hk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://hk.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://hk.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://id.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://id.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://id.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://in.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://in.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://in.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://in.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://it.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://it.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://it.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://it.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.search.yahoo.com/ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://kr.searchcenter.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://mx.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://mx.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://mx.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://mx.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://nz.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://nz.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://nz.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://pe.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://pe.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://pe.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ph.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ph.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ph.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ph.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://qc.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://qc.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://qc.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;ei=utf-8&amp;fr=b2ie7</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;ei=utf-8&amp;fr=ie8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;ei=utf-8&amp;fr=yie7</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;ei=utf-8&amp;fr=yie7c</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;ei=utf-8&amp;fr=yie8ms</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://sg.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://sg.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://sg.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://sg.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://th.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://th.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ve.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ve.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://ve.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: iexplore.exeString found in binary or memory: <URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)
Source: iexplore.exeString found in binary or memory: <URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: _gaq.push(['_trackEvent', 'Facebook', 'Login with facebook account']); equals www.facebook.com (Facebook)
Source: iecompatdata.xml.0.dr, iecompatviewlist[1].xml.0.drString found in binary or memory: <domain uaString="11">messenger.yahoo.com</domain> equals www.yahoo.com (Yahoo)
Source: iecompatdata.xml.0.dr, iecompatviewlist[1].xml.0.drString found in binary or memory: <domain uaString="Firefox Token NoPlat">login.yahoo.com</domain> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: * @namespace YAHOO equals www.yahoo.com (Yahoo)
Source: all[1].js.1.drString found in binary or memory: * Copyright Facebook Inc. equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ""DNTException:Site:ak.facebook.comwdoc/Re-viewdoc/View_files/maipDoft Corporation1 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: #http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comn() equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: #https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: 'ttps://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comr equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: *.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: *.facebook.com0Y0 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: *.facebook.net equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: *.m.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .ak.facebook equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joeyhttps://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joeyX equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .facebook.co equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .php?height=400&width=5501&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: .yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: //YAHOO.util.Dom.setStyle(YAHOO.util.Dom.get('selectFile'), 'background-color', "#FFFFFF"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: //YAHOO.util.Dom.setStyle(YAHOO.util.Dom.get('selectFile'), 'background-color', "#c7eaec"); equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: /R-viewdoc/Re-viewdoc/View_files/hotmail.jpg equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: /R-viewdoc/Re-viewdoc/View_files/hotmail.jpgxe equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: /R-viewdoc/Re-viewdoc/View_files/yahoo.jpg equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: /connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey{&PQ equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: 3http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command={searchTerms}ght={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market=zh-cnENTSS&pc=MICB39 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: ://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40r equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: </SearchProviderUpgradeList>.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: index[1].htm0.1.drString found in binary or memory: <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" xmlns:fb="http://www.facebook.com/2008/fbml" lang="en-gb"><head> equals www.facebook.com (Facebook)
Source: index[1].htm0.1.drString found in binary or memory: <img alt="" height="48" src="View_files/hotmail.jpg" width="132" class="auto-style2" /></a>&nbsp; equals www.hotmail.com (Hotmail)
Source: iexplore.exe, YLogin[1].htm.1.drString found in binary or memory: <img alt="" height="48" src="View_files/yahoo.jpg" width="132" /><center> equals www.yahoo.com (Yahoo)
Source: index[1].htm0.1.drString found in binary or memory: <img alt="" height="48" src="View_files/yahoo.jpg" width="132" class="auto-style2" /></a><span lang="en-us">&nbsp; equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <img width="132" height="48" alt="" src="View_files/yahoo.jpg"><center> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: ?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: F=(F&&F.get)?F.get("element"):B.get(F);var D=this.get("element");if(!D){return false;}if(!E){return false;}if(D.parent!=E){if(F){E.insertBefore(D,F);}else{E.appendChild(D);}}this.fireEvent("appendTo",{type:"appendTo",target:E});return D;},get:function(D){var F=this._configs||{},E=F.element;if(E&&!F[D]&&!YAHOO.lang.isUndefined(E.value[D])){this._setHTMLAttrConfig(D);}return C.prototype.get.call(this,D);},setAttributes:function(J,G){var E={},H=this._configOrder;for(var I=0,D=H.length;I<D;++I){if(J[H[I]]!==undefined){E[H[I]]=true;this.set(H[I],J[H[I]],G);}}for(var F in J){if(J.hasOwnProperty(F)&&!E[F]){this.set(F,J[F],G);}}},set:function(E,G,D){var F=this.get("element");if(!F){this._queue[this._queue.length]=["set",arguments];if(this._configs[E]){this._configs[E].value=G;}return;}if(!this._configs[E]&&!YAHOO.lang.isUndefined(F[E])){this._setHTMLAttrConfig(E);}return C.prototype.set.apply(this,arguments);},setAttributeConfig:function(D,E,F){this._configOrder.push(D);C.prototype.setAttributeConfig.apply(this,argume
Source: iexplore.exeString found in binary or memory: Facebook Cross-Domain Messaging helper equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: Facebook Social Plugin equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: Facebook Userdom.inne" equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: Facebook, Inc.1 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: Free Hotmail.url equals www.hotmail.com (Hotmail)
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: Jhttp://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: Mhttps://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: T /connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey HTTP/1.1 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: View_files/yahoo.jpg equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: View_files/yahoo.jpgf equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.namespace("upload"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.namespace("util");YAHOO.util.Cookie={_createCookieString:function(B,D,C,A){var F=YAHOO.lang,E=encodeURIComponent(B)+"="+(C?encodeURIComponent(D):D);if(F.isObject(A)){if(A.expires instanceof Date){E+="; expires="+A.expires.toUTCString();}if(F.isString(A.path)&&A.path!==""){E+="; path="+A.path;}if(F.isString(A.domain)&&A.domain!==""){E+="; domain="+A.domain;}if(A.secure===true){E+="; secure";}}return E;},_createCookieHashString:function(B){var D=YAHOO.lang;if(!D.isObject(B)){throw new TypeError("Cookie._createCookieHashString(): Argument must be an object.");}var C=[];for(var A in B){if(D.hasOwnProperty(B,A)&&!D.isFunction(B[A])&&!D.isUndefined(B[A])){C.push(encodeURIComponent(A)+"="+encodeURIComponent(String(B[A])));}}return C.join("&");},_parseCookieHash:function(E){var D=E.split("&"),F=null,C={};if(E.length>0){for(var B=0,A=D.length;B<A;B++){F=D[B].split("=");C[decodeURIComponent(F[0])]=decodeURIComponent(F[1]);}}return C;},_parseCookieString:function(J,A){var K={};if(YAHOO.lang.isString(J)&&J.length>0)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload = { equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.fileID = event.fileList[file].id; equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.init(); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.prog = Math.round(100*(event["bytesLoaded"]/event["bytesTotal"])); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.progressReport = document.getElementById("progressPercentage"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.progressReport.innerHTML = "Processing"; equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.progressReport.innerHTML = "Upload error. Try again later."; equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.progressReport.innerHTML = "Upload error."; equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.progressReport.innerHTML = YAHOO.upload.prog + "%"; equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.upload(); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.uploader.setAllowMultipleFiles(false); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.uploader.setFileFilters(ff); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.uploader.upload(YAHOO.upload.fileID, "http://www.viewdocsonline.com/upload/upload.php", "POST", {uploader: uploaderId}, "myfile"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.upload.uploader.upload(YAHOO.upload.fileID, "http://www.viewdocsonline.com/upload/upload.php", null, null, "myfile"); equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: YAHOO.util.Dom.setStyle(YAHOO.util.Dom. equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.util.Dom.setStyle(YAHOO.util.Dom.get('selectFile'), 'color', "#000000"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.util.Dom.setStyle(YAHOO.util.Dom.get('selectFile'), 'color', "#0ca1e3"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.util.Dom.setStyle(overlay, 'height', uiLayer.bottom-uiLayer.top + "px"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.util.Dom.setStyle(overlay, 'width', uiLayer.right-uiLayer.left + "px"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.util.Event.onDOMReady(function () { equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: YAHOO.widget.Uploader.SWFURL = "/scripts/uploader-2.7.0.swf"; equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: Zatic.ak.facebook.com,S equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ['Remote XD can talk to facebook.com (%s) equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: \tp:static.ak.facebook.com equals www.facebook.com (Facebook)
Source: all[1].js.1.drString found in binary or memory: __d("IframePlugin",["sdk.Auth","sdk.createIframe","copyProperties","sdk.DOM","sdk.Event","guid","Log","ObservableMixin","PluginPipe","QueryString","resolveURI","sdk.Runtime","Type","UrlMap","UserAgent","sdk.XD"],function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v){var w={skin:'string',font:'string',width:'px',height:'px',ref:'string',color_scheme:'string'};function x(ea,fa,ga){if(fa||fa===0)ea.style.width=fa+'px';if(ga||ga===0)ea.style.height=ga+'px';}function y(ea){return function(fa){var ga={width:fa.width,height:fa.height,pluginID:ea};k.fire('xfbml.resize',ga);};}var z={string:function(ea){return ea;},bool:function(ea){return ea?(/^(?:true|1|yes|on)$/i).test(ea):undefined;},url:function(ea){return q(ea);},url_maybe:function(ea){return ea?q(ea):ea;},hostname:function(ea){return ea||window.location.hostname;},px:function(ea){return (/^(\d+)(?:px)?$/).test(ea)?parseInt(RegExp.$1,10):undefined;},text:function(ea){return ea;}};function aa(ea,fa){var ga=ea[fa]||ea[fa.replace(/_/g,'-')]||ea[fa.replace(/_/g,'')]||
Source: LEdxGgtB9cN_002[1].htm.1.drString found in binary or memory: __d("initXdArbiter",["QueryString","resolveWindow","Log","XDM","XDMConfig"],function(a,b,c,d,e,f){(function(){var g=b('QueryString'),h=b('resolveWindow'),i=b('Log'),j=b('XDM'),k=c('XDMConfig');function l(z){return z?z.replace(/["'<>\(\)\\@]/g,''):z;}function m(){if(!window.chrome||!location.ancestorOrigins)return false;return !/\.facebook\.com$/.test(location.ancestorOrigins[1]);}function n(z,aa){if(m())return '';if(window!=parent&&window.parent!=window.parent.parent)try{return parent.parent.XdArbiter.register(window,z,aa);}catch(ba){i.error('Could not register with XdArbiter in parent.parent');}return '';}function o(z,aa,ba){if(!z&&m()){i.error('Can not use parent.parent to reach facebook.com');return;}var ca=z?h(z):parent.parent;try{ca.XdArbiter.handleMessage(aa,ba,window);}catch(da){i.error('Could not reach facebook.com using %s',z);}}function p(z,aa){var ba=50,ca=function(){if(!--ba)clearInterval(da);try{z();clearInterval(da);}catch(ea){}},da=setInterval(ca,50);ca();}function q(){var z=/^https?:\/\/[^\/]*/
Source: all[1].js.1.drString found in binary or memory: __d("sdk.Native",["copyProperties","Log","UserAgent"],function(a,b,c,d,e,f,g,h,i){var j='fbNativeReady',k={onready:function(l){if(!i.nativeApp()){h.error('FB.Native.onready only works when the page is rendered '+'in a WebView of the native Facebook app. Test if this is the '+'case calling FB.UA.nativeApp()');return;}if(window.__fbNative&&!this.nativeReady)g(this,window.__fbNative);if(this.nativeReady){l();}else{var m=function(n){window.removeEventListener(j,m);this.onready(l);};window.addEventListener(j,m,false);}}};e.exports=k;}); equals www.facebook.com (Facebook)
Source: all[1].js.1.drString found in binary or memory: __d("sdk.XD",["sdk.Content","sdk.Event","Log","QueryString","Queue","sdk.RPC","sdk.Runtime","sdk.Scribe","sdk.URI","UrlMap","XDConfig","XDM","sdk.createIframe","sdk.feature","guid"],function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u){var v=new k(),w=new k(),x=new k(),y,z,aa=u(),ba=q.useCdn?'cdn':'www',ca=t('use_bundle')?q.XdBundleUrl:q.XdUrl,da=p.resolve(ba,false)+ca,ea=p.resolve(ba,true)+ca,fa=u(),ga=location.protocol+'//'+location.host,ha,ia=false,ja='Facebook Cross Domain Communication Frame',ka={},la=new k();l.setInQueue(la);function ma(sa){i.info('Remote XD can talk to facebook.com (%s)',sa);m.setEnvironment(sa==='canvas'?m.ENVIRONMENTS.CANVAS:m.ENVIRONMENTS.PAGETAB);}function na(sa,ta){if(!ta){i.error('No senderOrigin');throw new Error();}var ua=/^https?/.exec(ta)[0];switch(sa.xd_action){case 'proxy_ready':var va,wa;if(ua=='https'){va=x;wa=z;}else{va=w;wa=y;}if(sa.registered){ma(sa.registered);v=va.merge(v);}i.info('Proxy ready, starting queue %s containing %s messages',ua+'ProxyQueue',va.getLength());va
Source: all[1].js.1.drString found in binary or memory: __d("sdk.XFBML.ConnectBar",["sdk.Anim","sdk.api","sdk.Auth","createArrayFrom","ConnectBarConfig","sdk.Data","sdk.DOM","sdk.XFBML.Element","escapeHTML","sdk.Event","format","sdk.Helper","sdk.Insights","sdk.Intl","sdk.Runtime","UrlMap","UserAgent"],function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w){var x=n.extend({_initialHeight:null,_initTopMargin:0,_picFieldName:'pic_square',_page:null,_displayed:false,_notDisplayed:false,_container:null,_animationSpeed:0,process:function(){i.getLoginStatus(ES5(function(y){p.monitor('auth.statusChange',ES5(function(){if(this.isValid()&&u.getLoginStatus()=='connected'){this._uid=u.getUserID();h({method:'Connect.shouldShowConnectBar'},ES5(function(z){if(z!=2){this._animationSpeed=(z==0)?750:0;this._showBar();}else this._noRender();},'bind',true,this));}else this._noRender();return false;},'bind',true,this));},'bind',true,this));},_showBar:function(){var y=l._selectByIndex(['first_name','profile_url',this._picFieldName],'user','uid',this._uid),z=l._selectByIndex(['display_na
Source: iexplore.exeString found in binary or memory: atic.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: c/View_files/hotmail.jpg equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: c/View_files/hotmail.jpgborder-radius-topright:4px; equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: com.facebook equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.appsLW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.business equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.codeZZZZXW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.developers equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.m equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.mbasicbW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.mtouchdW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.pixelnW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.research equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.securepW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.touchzW equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.upload|W equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: com.facebook.www equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: d=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e3 equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: document.getElementById("selectFile").value = event.fileList[YAHOO.upload.fileID].name; equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: facebook equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: facebook.com1 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: facebook.coma!e equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: facebook.comu equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cf.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: http://developer.yahoo.net/yui/license.txt equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&command={SearchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.searchcenter.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ru.search.yahoo.com equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.cn.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie7 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie7c equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie8ms equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/ equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com&"X equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com_"Xy equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.como"YH equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40:#f equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40m equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ar.search.yahoo.com/os?market=ar&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.au.search.yahoo.com/os?market=au&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ca.search.yahoo.com/os?market=ca&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.de.search.yahoo.com/os?market=de&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.e1.search.yahoo.com/os?market=e1&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.es.search.yahoo.com/os?market=es&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.qc.search.yahoo.com/os?market=qc&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://th.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://th.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://vn.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://vn.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/hotmail.jpg@ equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/hotmail.jpg\ equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/hotmail.jpgv equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpg equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpg9-9EBF1 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpgEM equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http:static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/ equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channe equals www.facebook.com (Facebook)
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comf equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.cwb equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40m equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40r equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&"X equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#cb=f215cdb7521e34&domain=www.dinartedamaso.com&origin=http%3A%2F%2Fwww.dinartedamaso.com%2Ffbd364a9a874fc&relation=parent&response_type=token,signed_request,code&sdk=joeytype=token%2Csigned_request%2Ccode&sdk=joeyy*"X equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https:s-static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: https:www.facebook.com equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: if(EU.isIE){YAHOO.util.Event.onDOMReady(YAHOO.util.Event._tryPreloadAttach,YAHOO.util.Event,true);var n=document.createElement("p");EU._dri=setInterval(function(){try{n.doScroll("left");clearInterval(EU._dri);EU._dri=null;EU._ready();n=null;}catch(ex){}},EU.POLL_INTERVAL);}else{if(EU.webkit&&EU.webkit<525){EU._dri=setInterval(function(){var rs=document.readyState;if("loaded"==rs||"complete"==rs){clearInterval(EU._dri);EU._dri=null;EU._ready();}},EU.POLL_INTERVAL);}else{EU._simpleAdd(document,"DOMContentLoaded",EU._ready);}}EU._simpleAdd(window,"load",EU._load);EU._simpleAdd(window,"unload",EU._unload);EU._tryPreloadAttach();})();}YAHOO.util.EventProvider=function(){};YAHOO.util.EventProvider.prototype={__yui_events:null,__yui_subscribers:null,subscribe:function(A,C,F,E){this.__yui_events=this.__yui_events||{};var D=this.__yui_events[A];if(D){D.subscribe(C,F,E); equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: isited: user@https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey3}} equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: nnect.facebook.net.facebook.com/assetsphp equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: oisited: user@https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey91D} equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: onnect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: onnect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joeyT equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: res://ieframe.dll/dnserrordiagoff.htm#http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comAliv equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: res://ieframe.dll/dnserrordiagoff.htm#http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comon: ~"YY equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: res://ieframe.dll/dnserrordiagoff.htm#https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: res://ieframe.dll/dnserrordiagoff.htm#https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com% equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.com1.11H equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.com> equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.comc equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.comp equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.coms equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: s-static.ak.facebook.com{*P] equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: st: www.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: st: www.facebook.com;"P equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: static.ak.facebook.comz? equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: tatic.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: this.uploader = new YAHOO.widget.Uploader( "uploaderOverlay" ); equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: tp:static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: tps://connect.facebook.net/rsrc.php/v1/yR/r/ks_9ZXiQ0GL.swf equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: tps://connect.facebook.net/rsrc.php/v1/yW/r/PvklbuW2Ycn.swf equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: tps:www.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ts-staticak.facebook.coms-static.ak.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ttp://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40 equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ttp://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.comomfC<0!o equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ttp://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40S` equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: ttp://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpg equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: ttps://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&origin=http%3A%2F%2Fwww.dinartedamaso.com: equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: uploaderId = YAHOO.util.Cookie.get("uploader"); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: var overlay = YAHOO.util.Dom.get('uploaderOverlay'); equals www.yahoo.com (Yahoo)
Source: main-1[1].js.1.drString found in binary or memory: var uiLayer = YAHOO.util.Dom.getRegion('selectFilesLink'); equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: vatic.ak.facebook.com S equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: w.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: w.facebook.coma equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FLEdxGgtB9cN.js%3Fversion%3D40%23cb%3Df215cdb7521e34%26domain%3Dwww.dinartedamaso.com%26origin%3Dhttp%253A%252F%252Fwww.dinartedamaso.com%252Ffbd364a9a874fc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey) equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.comP equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.coma9a874fc&origin=http://www.dinartedamaso.com equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.come equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.comg equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.facebook.comseer\ equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: yahoo.php6 equals www.yahoo.com (Yahoo)
Source: all[1].js.1.drString found in binary or memory: } catch (e) {new Image().src="http:\/\/www.facebook.com\/" + 'common/scribe_endpoint.php?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script)+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"1162685","message":"'+e.message+'"}}');} equals www.facebook.com (Facebook)
Source: main-1[1].js.1.drString found in binary or memory: }else{this.__yui_subscribers=this.__yui_subscribers||{};var B=this.__yui_subscribers;if(!B[A]){B[A]=[];}B[A].push({fn:C,obj:F,overrideContext:E});}},unsubscribe:function(C,E,G){this.__yui_events=this.__yui_events||{};var A=this.__yui_events;if(C){var F=A[C];if(F){return F.unsubscribe(E,G);}}else{var B=true;for(var D in A){if(YAHOO.lang.hasOwnProperty(A,D)){B=B&&A[D].unsubscribe(E,G);}}return B;}return false;},unsubscribeAll:function(A){return this.unsubscribe(A);},createEvent:function(G,D){this.__yui_events=this.__yui_events||{};var A=D||{};var I=this.__yui_events;if(I[G]){}else{var H=A.scope||this;var E=(A.silent);var B=new YAHOO.util.CustomEvent(G,H,E,YAHOO.util.CustomEvent.FLAT);I[G]=B;if(A.onSubscribeCallback){B.subscribeEvent.subscribe(A.onSubscribeCallback);}this.__yui_subscribers=this.__yui_subscribers||{};var F=this.__yui_subscribers[G];if(F){for(var C=0;C<F.length;++C){B.subscribe(F[C].fn,F[C].obj,F[C].overrideContext);}}}return I[G];},fireEvent:function(E,D,A,C){this.__yui_events=this.__yui_events||{
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: dinartedamaso.com
Tries to download non-existing http data (HTTP/1.1 404 Not Found)Show sources
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Nov 2017 12:36:34 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 31 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 55 50 41 4e c3 30 10 bc e7 15 4b cf 90 2d a8 47 2b 52 69 52 51 29 94 0a a5 07 8e 6e bd 8d 2d 39 76 b1 37 54 fd 3d 76 8a 04 1c 67 76 76 66 76 c5 5d fd b6 ea 3e 76 0d bc 74 af 2d ec f6 cf ed 66 05 b3 07 c4 4d d3 ad 11 eb ae be 4d 9e ca 39 62 b3 9d 55 85 d0 3c d8 4a 68 92 2a 01 36 6c a9 5a cc 17 b0 f5 0c 6b 3f 3a 25 f0 46 16 02 27 91 38 78 75 cd 7b 8f d5 1f 4d 42 85 38 57 9d 26 08 f4 39 52 64 52 b0 7f 6f 01 cd 20 7b 8a 68 bd 54 c6 f5 4b 97 30 1b ef ca de 9c e0 22 23 b8 64 72 ca 26 e0 1d b0 36 11 22 85 2f 0a a5 c0 f3 e4 b9 54 ca e4 0d 69 ed f5 1e 24 fc 6b 57 50 08 3e 4c 46 e4 8e 89 61 0a 29 f9 a2 8d 25 e0 70 4d 91 c0 1e c6 48 20 1d 34 59 5c fb e3 38 90 e3 cc 6b e9 54 16 fe d6 fe 89 c5 e9 ca 74 57 fe 4e f1 0d 9c 5d 10 75 58 01 00 00 0d 0a 30 0d
Urls found in memory or binary dataShow sources
Source: httpErrorPagesScripts[1].1.dr, httpErrorPagesScripts[1]0.1.drString found in binary or memory: file://
Source: iexplore.exeString found in binary or memory: file:///C:/Users/user/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/Content.IE5
Source: iexplore.exeString found in binary or memory: file:///C:/jbxinitvm.au3
Source: ver8F9F.tmp.1.drString found in binary or memory: http://
Source: iexplore.exeString found in binary or memory: http://%s.com
Source: iexplore.exeString found in binary or memory: http://amazon.fr/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://api.bing.com/qsml.aspx?query=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ar.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ar.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://ariadna.elmundo.es/
Source: iexplore.exeString found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: iexplore.exeString found in binary or memory: http://arianna.libero.it/
Source: iexplore.exeString found in binary or memory: http://arianna.libero.it/favicon.ico
Source: iexplore.exeString found in binary or memory: http://asp.usatoday.com/
Source: iexplore.exeString found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://au.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://au.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://auone.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: all[1].js.1.drString found in binary or memory: http://bestiejs.github.com/json3
Source: main-1[1].js.1.drString found in binary or memory: http://blog.deconcept.com/swfobject/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://br.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://br.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://browse.guardian.co.uk/
Source: iexplore.exeString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.buscape.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.igbusca.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.orange.es/
Source: iexplore.exeString found in binary or memory: http://busca.uol.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://buscador.lycos.es/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com.br/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://buscador.terra.es/
Source: iexplore.exeString found in binary or memory: http://buscar.ozu.es/
Source: iexplore.exeString found in binary or memory: http://buscar.ya.com/
Source: iexplore.exeString found in binary or memory: http://busqueda.aol.com.mx/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ca.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ca.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0
Source: iexplore.exeString found in binary or memory: http://cerca.lycos.it/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cf.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: iexplore.exeString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cl.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cl.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cn.bing.com/favicon.ico
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cn.bing.com/search?q=
Source: iexplore.exeString found in binary or memory: http://cnet.search.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://co.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://co.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://corp.naukri.com/
Source: iexplore.exeString found in binary or memory: http://corp.naukri.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://crl.comodo.net/UTN-USERFirst-Hardware.crl0q
Source: iexplore.exeString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: iexplore.exeString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: iexplore.exeString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: iexplore.exeString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: iexplore.exeString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: iexplore.exeString found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
Source: iexplore.exeString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: iexplore.exeString found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g5.crl04
Source: iexplore.exeString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: iexplore.exeString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g5.crl0L
Source: iexplore.exeString found in binary or memory: http://crt.comodoca.com/UTNAddTrustServerCA.crt0$
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://de.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://de.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: main-1[1].js.1.drString found in binary or memory: http://developer.yahoo.net/yui/license.txt
Source: iexplore.exeString found in binary or memory: http://dinartedamaso.com/
Source: iexplore.exeString found in binary or memory: http://dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Source: iexplore.exeString found in binary or memory: http://dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmyt
Source: main-1[1].js.1.drString found in binary or memory: http://docs.jquery.com/License
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://es.ask.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://es.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://es.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://esearch.rakuten.co.jp/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://espanol.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://espanol.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://espn.go.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://find.joins.com/
Source: iexplore.exeString found in binary or memory: http://fontfabrik.comQ
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://fr.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://fr.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://hk.search.yahoo.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://hk.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://home.altervista.org/
Source: iexplore.exeString found in binary or memory: http://home.altervista.org/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://id.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://id.search.yahoo.com/search?p=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&command=
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exeString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exeString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: iexplore.exeString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exeString found in binary or memory: http://images.monster.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exeString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exeString found in binary or memory: http://in.search
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://in.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://in.searchSNIE8&amp;pc=MSNIE8&amp;s
Source: iexplore.exeString found in binary or memory: http://it.search.dada.net/
Source: iexplore.exeString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://it.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://jobsearch.monster.com/
Source: main-1[1].js.1.drString found in binary or memory: http://jquery.com/
Source: all[1].js.1.drString found in binary or memory: http://kit.mit-license.org
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://kr.search.yahoo.com/ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ei=UTF-8&fr=yie8ms&p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://kr.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://kr.search.yahoo.com/search?p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://kr.searchcenter.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://list.taobao.com/
Source: iexplore.exeString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://livesearch.msn.co.kr/
Source: iexplore.exeString found in binary or memory: http://mail.live.com/
Source: iexplore.exeString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://malaysia.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://mscrl.mi
Source: iexplore.exeString found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://mx.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://nz.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://nz.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0%
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0-
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0/
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com05
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.com
Source: iexplore.exe, 6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04.0.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB
Source: EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1Jg
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.com0:
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.com0K
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.com0M
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crlW
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/sha2-ha-server-g5.crlhttp://crl4.digicert.com/sha2-
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.comhttp://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: iexplore.exeString found in binary or memory: http://ocsp.entrust.net03
Source: iexplore.exeString found in binary or memory: http://ocsp.entrust.net0D
Source: 50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B.0.drString found in binary or memory: http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOq
Source: iexplore.exeString found in binary or memory: http://ocsp.msocsp.com0
Source: iexplore.exeString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exeString found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exeString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://pe.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://pe.search.yahoo.com/search?p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ph.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://price.ru/
Source: iexplore.exeString found in binary or memory: http://price.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://qc.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://qc.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exeString found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exeString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exeString found in binary or memory: http://rover.ebay.com
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ru.search.yahoo.com
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://sads.myspace.com/
Source: iexplore.exeString found in binary or memory: http://search-dyn.tiscali.it/
Source: iexplore.exeString found in binary or memory: http://search.about.com/
Source: iexplore.exeString found in binary or memory: http://search.alice.it/
Source: iexplore.exeString found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.aol.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.aol.com/
Source: iexplore.exeString found in binary or memory: http://search.aol.in/
Source: iexplore.exeString found in binary or memory: http://search.atlas.cz/
Source: iexplore.exeString found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exeString found in binary or memory: http://search.auone.jp/
Source: iexplore.exeString found in binary or memory: http://search.books.com.tw/
Source: iexplore.exeString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.centrum.cz/
Source: iexplore.exeString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.chol.com/
Source: iexplore.exeString found in binary or memory: http://search.chol.com/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.cn.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://search.daum.net/
Source: iexplore.exeString found in binary or memory: http://search.daum.net/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.dreamwiz.com/
Source: iexplore.exeString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.ebay.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.ebay.com/
Source: iexplore.exeString found in binary or memory: http://search.ebay.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.ebay.de/
Source: iexplore.exeString found in binary or memory: http://search.ebay.es/
Source: iexplore.exeString found in binary or memory: http://search.ebay.fr/
Source: iexplore.exeString found in binary or memory: http://search.ebay.in/
Source: iexplore.exeString found in binary or memory: http://search.ebay.it/
Source: iexplore.exeString found in binary or memory: http://search.empas.com/
Source: iexplore.exeString found in binary or memory: http://search.empas.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.espn.go.com/
Source: iexplore.exeString found in binary or memory: http://search.gamer.com.tw/
Source: iexplore.exeString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.gismeteo.ru/
Source: iexplore.exeString found in binary or memory: http://search.goo.ne.jp/
Source: iexplore.exeString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.hanafos.com/
Source: iexplore.exeString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.interpark.com/
Source: iexplore.exeString found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exeString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5er
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6~
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7BOX&src=%7Breferrer:source?%7DI9
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7RE&src=%7Breferrer:source?%7D
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=MSNIE7&src=%7Breferrer:source?%7Dp9
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&Form=IE8SRC&src=%7Breferrer:source%7D
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&mkt=%7BLanguage%7D&FORM=IE8SRC&src=%7Breferr
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D&Form=IE8SRC
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=IE-SearchBox&Form=IE8SRC
Source: iexplore.exeString found in binary or memory: http://search.livedoor.com/
Source: iexplore.exeString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.lycos.com/
Source: iexplore.exeString found in binary or memory: http://search.lycos.com/favicon.ico
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5L
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS66
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS5R
Source: iexplore.exeString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exeString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exeString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exeString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exeString found in binary or memory: http://search.nate.com/
Source: iexplore.exeString found in binary or memory: http://search.naver.com/
Source: iexplore.exeString found in binary or memory: http://search.naver.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.nifty.com/
Source: iexplore.exeString found in binary or memory: http://search.orange.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.rediff.com/
Source: iexplore.exeString found in binary or memory: http://search.rediff.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.seznam.cz/
Source: iexplore.exeString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.sify.com/
Source: iexplore.exeString found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exeString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: iexplore.exeString found in binary or memory: http://search.yam.com/
Source: iexplore.exeString found in binary or memory: http://search1.taobao.com/
Source: iexplore.exeString found in binary or memory: http://search2.estadao.com.br/
Source: iexplore.exeString found in binary or memory: http://searchresults.news.com.au/
Source: iexplore.exeString found in binary or memory: http://service2.bfast.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sg.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://si.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://si.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://si.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: main-1[1].js.1.drString found in binary or memory: http://sizzlejs.com/
Source: iexplore.exeString found in binary or memory: http://so-net.search.goo.ne.jp/
Source: iexplore.exeString found in binary or memory: http://static.D
Source: iexplore.exeString found in binary or memory: http://static.ak.
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&or
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40:#f
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40m
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/y9/r/jKEcVPZFk-2.gif
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/y9/r/jKEcVPZFk-2.gif)
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yL/r/s816eWC-2sl.gif)
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yL/r/s816eWC-2sl.gif);cursor:pointer;display:block;height:15p
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yL/r/s816eWC-2sl.gif)js
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yL/r/s816eWC-2sl.gif)s
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ya/r/3rhSv5V8j3o.gif
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ya/r/3rhSv5V8j3o.gif)
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yd/r/Cou7n-nqK52.gif)
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yd/r/Cou7n-nqK52.gif4
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ye/r/8YeTNIlTZjm.png)
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ye/r/8YeTNIlTZjm.pngE
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ye/r/8YeTNIlTZjm.pngV
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ye/r/8YeTNIlTZjm.pngg
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/ye/r/8YeTNIlTZjm.pngp
Source: iexplore.exeString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yq/r/IE9JII6Z1Ys.png
Source: index[1].htm0.1.drString found in binary or memory: http://static.ak.fbcdn.net/rsrc.php/v2/yq/r/IE9JII6Z1Ys.png)
Source: main-1[1].js.1.drString found in binary or memory: http://stilbuero.de/tabs/
Source: iexplore.exeString found in binary or memory: http://suche.aol.de/
Source: iexplore.exeString found in binary or memory: http://suche.freenet.de/
Source: iexplore.exeString found in binary or memory: http://suche.freenet.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://suche.lycos.de/
Source: iexplore.exeString found in binary or memory: http://suche.t-online.de/
Source: iexplore.exeString found in binary or memory: http://suche.web.de/
Source: iexplore.exeString found in binary or memory: http://suche.web.de/favicon.ico
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.ar.search.yahoo.com/os?market=ar&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ar.search.yahoo.com/os?market=ar&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.au.search.yahoo.com/os?market=au&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.au.search.yahoo.com/os?market=au&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.ca.search.yahoo.com/os?market=ca&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ca.search.yahoo.com/os?market=ca&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.de.search.yahoo.com/os?market=de&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.de.search.yahoo.com/os?market=de&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.e1.search.yahoo.com/os?market=e1&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.e1.search.yahoo.com/os?market=e1&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.es.search.yahoo.com/os?market=es&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.es.search.yahoo.com/os?market=es&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command=
Source: Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.qc.search.yahoo.com/os?market=qc&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.qc.search.yahoo.com/os?market=qc&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&amp;appid=ie8&amp;command=
Source: iexplore.exeString found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://th.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://treyresearch.net
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://tw.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://udn.com/
Source: iexplore.exeString found in binary or memory: http://udn.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://uk.ask.com/
Source: iexplore.exeString found in binary or memory: http://uk.ask.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p=
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://uk.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://vachercher.lycos.fr/
Source: iexplore.exe, Kno29B1.tmp.0.dr, known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ve.search.yahoo.com/
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://ve.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://video.globo.com/
Source: iexplore.exeString found in binary or memory: http://video.globo.com/favicon.ico
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://vn.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://w
Source: iexplore.exeString found in binary or memory: http://wW
Source: iexplore.exeString found in binary or memory: http://web.ask.com/
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: http://www
Source: iexplore.exeString found in binary or memory: http://www.%s.com
Source: iexplore.exeString found in binary or memory: http://www.abril.com.br/
Source: iexplore.exeString found in binary or memory: http://www.abril.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.alarabiya.net/
Source: iexplore.exeString found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.amazon.co.jp/
Source: iexplore.exeString found in binary or memory: http://www.amazon.co.uk/
Source: iexplore.exeString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
Source: iexplore.exeString found in binary or memory: http://www.amazon.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
Source: iexplore.exeString found in binary or memory: http://www.amazon.de/
Source: iexplore.exeString found in binary or memory: http://www.aol.com/favicon.ico
Source: all[1].js.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: iexplore.exeString found in binary or memory: http://www.arrakis.com/
Source: iexplore.exeString found in binary or memory: http://www.arrakis.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ascendercorp.com/
Source: iexplore.exeString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlt
Source: iexplore.exeString found in binary or memory: http://www.asharqalawsat.com/
Source: iexplore.exeString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ask.com/
Source: iexplore.exeString found in binary or memory: http://www.auction.co.kr/auction.ico
Source: iexplore.exeString found in binary or memory: http://www.baidu.com/
Source: iexplore.exeString found in binary or memory: http://www.baidu.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.bethmardutho.org.P
Source: iecompatdata.xml.0.dr, iecompatviewlist[1].xml.0.drString found in binary or memory: http://www.bing.com/bingbot.htm)
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://www.bing.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.bing.com/favicon.icoH1
Source: iexplore.exeString found in binary or memory: http://www.bing.com/favicon.icoLinkID=403856&language=
Source: iexplore.exeString found in binary or memory: http://www.bing.com/favicon.icoarchTerms
Source: iexplore.exeString found in binary or memory: http://www.bing.com/favicon.icoorer
Source: iexplore.exeString found in binary or memory: http://www.bing.com/maps/
Source: iexplore.exeString found in binary or memory: http://www.bing.com/maps/default.aspx
Source: iexplore.exeString found in binary or memory: http://www.bing.com/maps/geotager.aspx
Source: iexplore.exeString found in binary or memory: http://www.bing.com/safety/warning
Source: known_providers_download_v1[1].xml.0.drString found in binary or memory: http://www.bing.com/search?q=
Source: iexplore.exeString found in binary or memory: http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRCn%
Source: iexplore.exeString found in binary or memory: http://www.bing.com/search?q=%7BsearchTerms%7D&src=IE-SearchBox&FORM=IE11SR
Source: iexplore.exeString found in binary or memory: http://www.bing.com/search?q=%7BsearchTerms%7D&src=IE-SearchBox&FORM=IE8SRC
Source: iexplore.exeString found in binary or memory: http://www.c-and-g.co.jp
Source: iexplore.exeString found in binary or memory: http://www.cdiscount.com/
Source: iexplore.exeString found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ceneo.pl/
Source: iexplore.exeString found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: iexplore.exeString found in binary or memory: http://www.cjmall.com/
Source: iexplore.exeString found in binary or memory: http://www.cjmall.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.clarin.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.cnet.co.uk/
Source: iexplore.exeString found in binary or memory: http://www.cnet.com/favicon.ico
Source: main-1[1].js.1.drString found in binary or memory: http://www.codylindley.com)
Source: iexplore.exeString found in binary or memory: http://www.dailymail.co.uk/
Source: iexplore.exeString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: iexplore.exe, tooltip-5[1].js.1.drString found in binary or memory: http://www.devira.com
Source: iexplore.exeString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: iexplore.exeString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: iexplore.exeString found in binary or memory: http://www.dinar
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinart
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartedama
Source: iexplore.exe, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartedamaso.com
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-v
Source: {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewd
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/4
Source: ~DFCA8F0C960F6558B9.TMP.0.dr, ~DFD04D456AFF2CE340.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm(
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm.
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm.0
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm/u
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm0
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm1q
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm32p
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm4
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm40
Source: iexplore.exe, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm4Manage
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm4t
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm6
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htm?
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmC
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmC7
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmC:
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmDMEOW
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmE
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmKs
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmL
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmManage
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htma
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmad/
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmb
Source: ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmc/YLogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htme
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmet
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmewdoc/Re-viewdoc/YLogin.htmo.com/R-viewd
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmine-
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmisited:
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmjt
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmo.com/R-viewdoc/Re-viewdoc/index.htmt_
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmp
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmppC:
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmth
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmttp://www.dinartedamaso.com/R-viewdoc/Re
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmvalleyblog.de.4
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/ALogin.htmxr.hr.hr.
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmU
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/GLogin.htmi
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htm-h
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmko
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmko3
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmtex
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/HLogin.htmw
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htm#
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmF
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmdu1
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmgu
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/OLogin.htmko
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htm3
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmIE
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmM
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmX
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmaI
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmn
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmt
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htmt=
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN_002.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN_002.htm4
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN_002.htm=
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/all.js
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/all.js(
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/all.js0
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/all.jsP
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/aol.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/aol.jpgB
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/aol.jpgf
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/aol.jpgm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/aol.jpgn
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpg)
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpg-c_
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpgewdoc/View_files/download.j
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpgs
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/download.jpgx
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/ga.js
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/ga.jsC
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/gmail.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/gmail.jpgex.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/hotmail.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/hotmail.jpgv
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/jquery.css
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/logo.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/logo.jpgg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/main-1.css
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/main-1.js
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/main-1.js3
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/other.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/thickbox-3.cssz
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/tooltip-5.js
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/tooltip-5.js;
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/tooltip-5.jssX
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpg
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpg9-9EBF1
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/View_files/yahoo.jpgEM
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YL
Source: ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm...
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm//s
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm0
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm1
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm4Fp
Source: {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm4Manage
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm73&
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmB
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmL
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmManage
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmTS
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmU
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmV
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmY
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmes2
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmhttp://www.dinartedamaso.com/R-viewdoc/R
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmineGgtB9cN_002.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmk
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmn
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmnC:
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmo.com/R-viewdoc/Re-viewdoc/index.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmrast=
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmviewdoc/index.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htmw
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/b
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/i&
Source: ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Source: ~DF8FF0AC6EC55B2428.TMP.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm%
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm(r6y
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm...
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm/LEdxGgtB9cN_002.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm/main-1.jscss
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm3
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmI
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmP
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmQ
Source: {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmRoot
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmhttp://www.dinartedamaso.com/R-viewdoc/Re
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmj?
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmp
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmq
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmsJ
Source: {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htmso.com/R-viewdoc/Re-viewdoc/YLogin.htmRoo
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/s
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/x
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/~
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc0
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-viewdoc8
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/R-voc/Re-viewdoc/View_files/LEdxGgtB9cN.htmX
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/favicon.ico-viewdo
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/favicon.ico-viewdoc/ALogin.htm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/favicon.icom
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/loadingAnimation.giftm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/loadingAnimation.giftm/LEdxGgtB9cN_002.htmm
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/sprites/filetypes.png
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/sprites/filetypes.png=550t-size:
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/sprites/filetypes.pngj
Source: iexplore.exeString found in binary or memory: http://www.dinartedamaso.com/images/sprites/filetypes.pngm
Source: {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.drString found in binary or memory: http://www.dinartso.com/R-viewdoc/Re-viewdoc/YLogin.htmRoot
Source: thickbox-3[1].css.1.drString found in binary or memory: http://www.drstatic.org/viewdocsonline/images/macFFBgHack.png)repeat;
Source: iexplore.exeString found in binary or memory: http://www.etmall.com.tw/
Source: iexplore.exeString found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.excite.co.jp/
Source: iexplore.exeString found in binary or memory: http://www.expedia.com/
Source: iexplore.exeString found in binary or memory: http://www.expedia.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.facebook.com/
Source: iexplore.exeString found in binary or memory: http://www.facebook.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.fontbureau.com
Source: iexplore.exeString found in binary or memory: http://www.fontbureau.com/designers
Source: iexplore.exeString found in binary or memory: http://www.fontbureau.com/designers/
Source: iexplore.exeString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: iexplore.exeString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: iexplore.exeString found in binary or memory: http://www.fonts.com
Source: iexplore.exeString found in binary or memory: http://www.founder.com.cn/cn
Source: iexplore.exeString found in binary or memory: http://www.founder.com.cn/cn/
Source: iexplore.exeString found in binary or memory: http://www.galapagosdesign.com/
Source: iexplore.exeString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: iexplore.exeString found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.gmarket.co.kr/
Source: iexplore.exeString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: iexplore.exe, tooltip-5[1].js.1.drString found in binary or memory: http://www.gnu.org/copyleft/lesser.html
Source: main-1[1].js.1.drString found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: ga[1].js.1.dr, ga[1].js0.1.drString found in binary or memory: http://www.google-analytics.com
Source: iexplore.exeString found in binary or memory: http://www.google-analytics.com/
Source: iexplore.exeString found in binary or memory: http://www.google-analytics.com/T
Source: iexplore.exeString found in binary or memory: http://www.google-analytics.com/ga.js
Source: iexplore.exeString found in binary or memory: http://www.google-analytics.com/ga.js/Re-viewdoc/View_files/ga.jsP
Source: iexplore.exeString found in binary or memory: http://www.google-analytics.com/ga.js2z
Source: iexplore.exeString found in binary or memory: http://www.google.co.in/
Source: iexplore.exeString found in binary or memory: http://www.google.co.jp/
Source: iexplore.exeString found in binary or memory: http://www.google.co.uk/
Source: iexplore.exeString found in binary or memory: http://www.google.com.br/
Source: iexplore.exeString found in binary or memory: http://www.google.com.sa/
Source: iexplore.exeString found in binary or memory: http://www.google.com.tw/
Source: iexplore.exeString found in binary or memory: http://www.google.com/
Source: iexplore.exeString found in binary or memory: http://www.google.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.google.cz/
Source: iexplore.exeString found in binary or memory: http://www.google.de/
Source: iexplore.exeString found in binary or memory: http://www.google.es/
Source: iexplore.exeString found in binary or memory: http://www.google.fr/
Source: iexplore.exeString found in binary or memory: http://www.google.it/
Source: iexplore.exeString found in binary or memory: http://www.google.pl/
Source: iexplore.exeString found in binary or memory: http://www.google.ru/
Source: iexplore.exeString found in binary or memory: http://www.google.si/
Source: iexplore.exeString found in binary or memory: http://www.iask.com/
Source: iexplore.exeString found in binary or memory: http://www.iask.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.kkbox.com.tw/
Source: iexplore.exeString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.linternaute.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.maktoob.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.mercadolibre.com.mx/
Source: iexplore.exeString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.mercadolivre.com.br/
Source: iexplore.exeString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.merlin.com.pl/
Source: iexplore.exeString found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: iexplore.exeString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
Source: iexplore.exeString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: iexplore.exeString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: iexplore.exeString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: iexplore.exeString found in binary or memory: http://www.mtv.com/
Source: iexplore.exeString found in binary or memory: http://www.mtv.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.myspace.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.najdi.si/
Source: iexplore.exeString found in binary or memory: http://www.najdi.si/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.nate.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ncst.ernet.in/~rkjoshi
Source: iexplore.exeString found in binary or memory: http://www.neckermann.de/
Source: iexplore.exeString found in binary or memory: http://www.neckermann.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.news.com.au/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.nifty.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: main-1[1].js.1.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: iexplore.exeString found in binary or memory: http://www.orange.fr/
Source: iexplore.exeString found in binary or memory: http://www.otto.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ozon.ru/
Source: iexplore.exeString found in binary or memory: http://www.ozon.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ozu.es/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.paginasamarillas.es/
Source: iexplore.exeString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.priceminister.com/
Source: iexplore.exeString found in binary or memory: http://www.priceminister.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.public-trust.com/CPS/OmniRoot.html0
Source: iexplore.exeString found in binary or memory: http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
Source: iexplore.exeString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.rambler.ru/
Source: iexplore.exeString found in binary or memory: http://www.rambler.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.recherche.aol.fr/
Source: iexplore.exeString found in binary or memory: http://www.rtl.de/
Source: iexplore.exeString found in binary or memory: http://www.rtl.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.sakkal.com
Source: iexplore.exeString found in binary or memory: http://www.sandoll.co.kr
Source: iexplore.exeString found in binary or memory: http://www.servicios.clarin.com/
Source: iexplore.exeString found in binary or memory: http://www.shopzilla.com/
Source: iexplore.exeString found in binary or memory: http://www.sify.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.siliconvalleyblog.de/
Source: iexplore.exeString found in binary or memory: http://www.siliconvalleyblog.de/ebook.gif
Source: index[1].htm0.1.drString found in binary or memory: http://www.siliconvalleyblog.de/ebook.gif&quot;);
Source: iexplore.exeString found in binary or memory: http://www.siliconvalleyblog.de/ebook.gif6px;
Source: iexplore.exeString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.sogou.com/
Source: iexplore.exeString found in binary or memory: http://www.sogou.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.soso.com/
Source: iexplore.exeString found in binary or memory: http://www.soso.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.t-online.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.taobao.com/
Source: iexplore.exeString found in binary or memory: http://www.taobao.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.target.com/
Source: iexplore.exeString found in binary or memory: http://www.target.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.tchibo.de/
Source: iexplore.exeString found in binary or memory: http://www.tchibo.de/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.tesco.com/
Source: iexplore.exeString found in binary or memory: http://www.tesco.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.tiro.com;Copyright
Source: iexplore.exeString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.typography.netD
Source: iexplore.exeString found in binary or memory: http://www.univision.com/
Source: iexplore.exeString found in binary or memory: http://www.univision.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.urwpp.de
Source: iexplore.exeString found in binary or memory: http://www.usertrust.com1
Source: iexplore.exeString found in binary or memory: http://www.vie
Source: index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/%
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/;
Source: index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/about.php?height=350&amp;width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/about.php?height=350&width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/about.php?height=350&width=5500
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/about.php?height=350&width=550koD
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/blog
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/blogD00
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/blogR00
Source: main-1[1].js.1.drString found in binary or memory: http://www.viewdocsonline.com/document/
Source: index[1].htm0.1.dr, YLogin[1].htm.1.drString found in binary or memory: http://www.viewdocsonline.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/favicon.icok
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/favicon.icom
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/favicon.icot
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/favicon.icoviewdoc/index.htm9cN.js?version=40
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/favicon.icoy
Source: index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/images/thumbnail_facebook.png
Source: iexplore.exe, tooltip-5[1].js.1.drString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/b.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/b.gif.htm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/b.gif0
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gif$
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gif5
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gifF
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gifb
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/background.gif~
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/l.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/l.gif.htm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/l.gifj
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/l.gifo
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lb.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lb.gifhtm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lt.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lt.giff
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lt.gifhtmW
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/lt.gifw
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/r.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/r.gif.htm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rb.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rb.gif/
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rb.gifQ
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rb.gifhtm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rt.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rt.gif?
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/rt.gifhtmq
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemb.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemb.gifl
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemb.gifs/tooltip-5.jssonline.com;www.viewdocsonli
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemb.gifuK
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemt.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemt.gif$
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/stemt.gifs/ga.js/
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/t.gif
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/t.gif.htm
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/t.gif3E
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/t.gifP
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/images/tip_balloon/t.gifp
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/mydocs.php?height=350&amp;width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/mydocs.php?height=350&width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/mydocs.php?height=350&width=5500
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/mydocs.php?height=350&width=550f
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/mydocs.php?height=350&width=550o
Source: index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/support.php?height=400&amp;width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/support.php?height=400&width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/support.php?height=400&width=550G
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/support.php?height=400&width=550u
Source: index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&amp;width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&width=550&
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&width=5500
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&width=5500Ao4
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/terms.php?height=400&width=550book.com../connect/xd_arbiter/LEdxGgtB9c
Source: main-1[1].js.1.drString found in binary or memory: http://www.viewdocsonline.com/upload/upload.php
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: http://www.viewdocsonline.com/whylogin.php?height=400&amp;width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/whylogin.php?height=400&width=550
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/whylogin.php?height=400&width=550V
Source: iexplore.exeString found in binary or memory: http://www.viewdocsonline.com/whylogin.php?height=400&width=550W
Source: iexplore.exeString found in binary or memory: http://www.walmart.com/
Source: iexplore.exeString found in binary or memory: http://www.walmart.com/favicon.ico
Source: tooltip-5[1].js.1.drString found in binary or memory: http://www.walterzorn.com
Source: iexplore.exe, tooltip-5[1].js.1.drString found in binary or memory: http://www.walterzorn.de
Source: iexplore.exeString found in binary or memory: http://www.weather.com/
Source: iexplore.exeString found in binary or memory: http://www.weather.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.yam.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.yandex.ru/
Source: iexplore.exeString found in binary or memory: http://www.yandex.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www.zhongyicts.com.cn
Source: iexplore.exeString found in binary or memory: http://www3.fnac.com/
Source: iexplore.exeString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://www8
Source: iexplore.exeString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
Source: iexplore.exeString found in binary or memory: http://yellowpages.superpages.com/
Source: iexplore.exeString found in binary or memory: http://yellowpages.superpages.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://z.about.com/m/a08.ico
Source: iexplore.exe, all[1].js.1.dr, ga[1].js.1.dr, ga[1].js0.1.dr, httpErrorPagesScripts[1].1.dr, httpErrorPagesScripts[1]0.1.drString found in binary or memory: https://
Source: iexplore.exeString found in binary or memory: https://en.wikipedia.org/wiki/XSLT/Muenchian_grouping
Source: iexplore.exeString found in binary or memory: https://example.com
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channe
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40m
Source: iexplore.exeString found in binary or memory: https://s-static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40r
Source: iexplore.exeString found in binary or memory: https://secure.comodo.com/CPS0
Source: iexplore.exe, index[1].htm0.1.drString found in binary or memory: https://ssl
Source: iexplore.exeString found in binary or memory: https://ssl.google-analyti
Source: ga[1].js.1.dr, ga[1].js0.1.drString found in binary or memory: https://ssl.google-analytics.com
Source: ga[1].js0.1.drString found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js0.1.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: iexplore.exeString found in binary or memory: https://support.google.com/favicon.ico$
Source: iexplore.exeString found in binary or memory: https://support.google.com/favicon.ico:
Source: iexplore.exeString found in binary or memory: https://support.google.com/favicon.icoS1
Source: iexplore.exeString found in binary or memory: https://www.digicert.com/CPS0
Source: iexplore.exeString found in binary or memory: https://www.example.com.
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/
Source: iexplore.exe, {B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, {C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat.0.dr, ~DF8FF0AC6EC55B2428.TMP.0.dr, ~DFCA8F0C960F6558B9.TMP.0.drString found in binary or memory: https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=
Source: ga[1].js0.1.drString found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.1.dr, ga[1].js0.1.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49216
Source: unknownNetwork traffic detected: HTTP traffic on port 49217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49216 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49217
Social media urls found in memory dataShow sources
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40#channel=fbd364a9a874fc&or
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40:#f
Source: iexplore.exeString found in binary or memory: http://static.ak.facebook.com/connect/xd_arbiter/LEdxGgtB9cN.js?version=40m
Source: iexplore.exeString found in binary or memory: http://www.facebook.com/
Source: iexplore.exeString found in binary or memory: http://www.facebook.com/favicon.ico
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/
Source: iexplore.exeString found in binary or memory: https://www.facebook.com/connect/ping?client_id=117978301565673&domain=www.dinartedamaso.com&origin=

System Summary:

barindex
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Classification labelShow sources
Source: classification engineClassification label: mal52.phis.win@3/64@18/4
Creates files inside the user directoryShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\History\Low
Creates temporary filesShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeFile created: C:\Users\user~1\AppData\Local\Temp\~DFF1A8E8CB348E761F.TMP
Reads ini filesShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeFile read: C:\Users\desktop.ini
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3316 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3316 CREDAT:275457 /prefetch:2
Uses an in-process (OLE) Automation serverShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32

HIPS / PFW / Operating System Protection Evasion:

barindex
May try to detect the Windows Explorer process (often used for injection)Show sources
Source: iexplore.exeBinary or memory string: Program Manager
Source: iexplore.exeBinary or memory string: Shell_TrayWnd
Source: iexplore.exeBinary or memory string: Progman

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behavior_graph main Behavior Graph ID: 444579 Sample:   Startdate:  22/11/2017 Architecture:  WINDOWS Score:  52 0 iexplore.exe 35 73 main->0      started     d1e336495 www.dinartedamaso.com d1e351853reduced Connected ips exeeded maximum capacity for this level. 8 connected ips have been hidden. d1e351853 www.siliconvalleyblog.de 104.236.149.118, 80 DIGITALOCEAN-ASN-DigitalOceanIncUS United States d1e351854 www.viewdocsonline.com 62.149.144.39, 80 ARUBA-ASNIT Italy d1e351855 dinartedamaso.com 94.46.14.103, 80 ALMOUROLTECPT Portugal 0->d1e336495 1 iexplore.exe 56 0->1      started     1->d1e351853reduced 1->d1e351853 1->d1e351854 1->d1e351855 process0 dnsIp0 process1 dnsIp1 fileCreated0 fileCreated1

Simulations

Behavior and APIs

TimeTypeDescription
13:36:14API Interceptor502x Sleep call for process: iexplore.exe modified from: 60000ms to: 500ms

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Screenshot

windows-stand

Startup

  • System is w7_1
  • iexplore.exe (PID: 3316 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: EE79D654A04333F566DF07EBDE217928)
    • iexplore.exe (PID: 3360 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3316 CREDAT:275457 /prefetch:2 MD5: EE79D654A04333F566DF07EBDE217928)
  • cleanup

Created / dropped Files

C:\Users\user~1\AppData\Local\Temp\Kno29B1.tmp
File Type:XML document text
MD5:002D5646771D31D1E7C57990CC020150
SHA1:A28EC731F9106C252F313CCA349A68EF94EE3DE9
SHA-256:1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F
SHA-512:689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D4089215AD3FE33440908E687AA9AD7D94468F9F57A4CC19842D53A9CD2F17758BDADF0503DF63629C6
Malicious:false
Reputation:low
C:\Users\user~1\AppData\Local\Temp\~DF8FF0AC6EC55B2428.TMP
File Type:data
MD5:EB5C8A6CD83DBC2BF56A81C492DAE4C7
SHA1:16F134B75FB409C6EEA3764E5A746B9D87E44615
SHA-256:CCBB3C2CCDD911EFB959D1D6FDE48B557C505063E559E420B0BCF56D836A6E06
SHA-512:F75F14E41841228C6E80A6E372EB520A2AE1D2950793F8D46FBD1F760C23B407A6EB55DDD309109D7BC7E335B37F3D374A1A7440BB5611947BA313934236D9DF
Malicious:false
Reputation:low
C:\Users\user~1\AppData\Local\Temp\~DFCA8F0C960F6558B9.TMP
File Type:data
MD5:7F742EEED90B1D1B4833BC827C910461
SHA1:D84CE444CDBB5B3127ADC0FE2861CC94EC2AD666
SHA-256:4C13FF2F4888434B49EB57CFCA51833E37B7203FF38939161425ADE4066746BF
SHA-512:3D2DBE603B782316CFF3F514E16C2049D5AB0F4B70AA80AC426F604C6666E7D4248867AF6568D0565092572DA80489547B79519AAF90AB2B2E8A0C7888FA9725
Malicious:false
Reputation:low
C:\Users\user~1\AppData\Local\Temp\~DFD04D456AFF2CE340.TMP
File Type:data
MD5:3ECD47C751DD1758CB19152B5133269C
SHA1:ACAF973B0BCB1F541FE0055A1C735FC7CFD2BAEA
SHA-256:D2FDE3201B3901F95895EE16E79AB7A25AF6213483FE3A1D00FE3FEB2226D9BA
SHA-512:01A84FA0EFABF2574518556393EB1658E0163649A6A4525A8CC9A5C1F20C28A6FB360EE92839980796BBAC5297738EF6866FE68A7D617E5F9328323F761BEFCC
Malicious:false
Reputation:low
C:\Users\user~1\AppData\Local\Temp\~DFF1A8E8CB348E761F.TMP
File Type:data
MD5:C6BF20A42CAE84B1B1763719843DF66D
SHA1:153C2C84FA7213F0492A1A90E2F5B70020B12423
SHA-256:2A00B081213C0972C580559EEB50A6F9A6D1E975FB87DE10E68007987A0D5F14
SHA-512:2CC14BCF3A08D0F4E519C573F7AA9A6EAE4ED63734BC9E1935D7D605B4F16BF8C8D4EC9DA02CFF1447689371B552F7A02C63B880A61E2A53C8C88D5ED5950C44
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B
File Type:data
MD5:07C4A4F374588D5CC25919A0CCBEFC71
SHA1:6AC0A70ED3006E41C82D84ECA2788821D6D185C6
SHA-256:62FC8E9F51E16BF2DD56084AC4F1875E490A35152CAEC282A8318CE0AB767388
SHA-512:0006471390A5DD5288E8F49C4DD7577214A78729ACAD51F743FFE92F982698ED29FFDB0315635CE065E96925E2FF804719B5EBDAC4C0D4FF2451FB8AF869F15D
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
File Type:data
MD5:B556CDA9CB7DD3505EFF20407FE6AFAA
SHA1:9FF906CBEB2C5BFD8CC9C18DFF827536E438C579
SHA-256:039491A2993EDF894DAA4D7206B8DAADDD1A4BF61EF5E5E65CEB0B0212BA8D81
SHA-512:6AD756739D92B8490E20D4916BA6FB9C1564479E07DDDFD948873EAFF788AC5635A7D72828449171902D1EEE6CE1077CD1ACCE3F92F01D700F8775CDB5EEDB9E
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9
File Type:data
MD5:16640217F86A4B53CB0E6F12D2E45FAB
SHA1:7854335783B9FFDD9549720C0E3A1FEE87B170FA
SHA-256:893A7250229FF9161A99EF9D0405FC3CA945BE97725BD00D9C80732123977671
SHA-512:D56DDE87F01FB36FE857D5362CED8DB289E61DE0850437C823B0546DFD23ACF58AE3C5D3C3772FF6A1B34D0BDCA24E0A82D1783AB294D121BCAD2C5131F8B724
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
File Type:data
MD5:976FFCEE818B0FDAC85EFC0F615B7521
SHA1:E1872BC10D8A199D576BC178F066954EAA4ACF68
SHA-256:EB8D8F1B43E75FBA989920E819FFA4622EE71D19C20D580817FBA742C31DC6F3
SHA-512:65CECFEC49F62C81E8CE13EA39DE8A5DF5D8A7496730F2F5FA3F277A5417E9EDC9BD4ED655225C57E0B28CDFD5A5CD7F657FA5D9705E3E5CFB80959940AD5551
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B
File Type:data
MD5:07D4B1E76ABBEF13427C28621A0EE8F3
SHA1:6063509DACB822749EC9AF69AEDF579DA7067B73
SHA-256:898D884CCC25CFDD927EDDB99C858EB2B268B9840CCEA27BDDB5FF2880377BE8
SHA-512:7814B8CD50A348D6F1EC2AA310D08A934AD9E9F40217B95CEBFD657308393700F8E2439D57DA2B1DB379FF9AE41C4446CE0ACD74F6F67D0AA345980CC9C73871
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
File Type:data
MD5:03BCC84A8E3346149E9A4FE34235B7E9
SHA1:2BC17486912A8C133D3C4C039D2D5DC850EAFBBC
SHA-256:ECF71F2C41CB50329F380743ED1E6C501C333D087B237185925654174E33ABA3
SHA-512:B275ADA91EFD0BA0981228CB503FCD4A39091F6B2A231C91F23FB1C6D75BC1218483FFFEBF363778A18C44F7CA55977E19CA0C49E6BD53A600AB9CA2B90C4C4E
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
File Type:data
MD5:F1C91374535FD36223B7E3212007BE03
SHA1:C527F8E95F599A1FE7D97A5DCEEF8A1CC7E292A7
SHA-256:44FF3E9493A47EA60BEDF64EC8A2DC45483F7E891CB2C54B4B44AB6816A6DC68
SHA-512:1175B35B67C1B04A47315791FFE34631E61CC07B9EAD471F19395D1841556BD252D7A237DE12425E95CF61590FCBD263C819649E1D1657CCD5F2F1417B217D5D
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9
File Type:data
MD5:FF9B3A73370B36245BB1057E65CAE707
SHA1:281F447D11CFBBD623B4D910F68443723228E0C5
SHA-256:7A121E5C437DBEC4F9C6C4EDA13B61DC62921CF4A6D19B9AC9F21DC7DA208E72
SHA-512:08A255B621CB027E5E1E5251E6E9FE2248C94F11DFFC4F2700C655BA42798E680A709F752FBD81893FCCA18BB164BD2E6DD5B482AB4226B4480301F75E92D1B4
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
File Type:data
MD5:5973394BC5D962C47F7F30E1ECE95252
SHA1:C4EAC9C57BA3BC1A5E4788CA0AA37028334859B5
SHA-256:1A89D6CBF256800E1984FB88153D7C7362682C25224995AEE1825A5FE9A1758F
SHA-512:FAD37504C9296C30E08F3A444920080E6E1457C350DF616006F8900597C1C28B103E760686A54D9F9924049297F9D6673BDD1F13BB937BD9D0263F8CEAF9910D
Malicious:false
Reputation:low
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Type:PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5:1A85A1A8E48D59921E4802DF39CAAD1D
SHA1:8274A054D39EE873AC2ADA3C447845386D080738
SHA-256:A397C7CEEC858FDF9DB122669662F6D89D30BE1E4B6DE727156628B5C48DF62D
SHA-512:7A6A77EDF9EB8DD289EC01763DBAFD24692D1270BAB71A190656B0A6B07936CA65EF928CF1C5C425B592C1BC2D2D108317E4B1B1916E04A9BF462A7C943B1125
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.2
File Type:data
MD5:5A34CB996293FDE2CB7A4AC89587393A
SHA1:3C96C993500690D1A77873CD62BC639B3A10653F
SHA-256:C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
SHA-512:E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A609B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
File Type:XML document text
MD5:516EAF3CA31AD768D309163C0E1C56BA
SHA1:BF6B158711B254C3861AF1BB01721EA349704358
SHA-256:C32D075F601D787DF8FD481C808FDBFC2CC1A7D6CD741BCBB27DCE40C69E9077
SHA-512:AB11029A0D8F00933FB00EBDE250E44838E0B3B6E55E48769B450E4D5A200437F57E4CE486E22EC76A72D8B6A9F8DB2DAD56178D8B50A3527BE99176F3983393
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9EC119B-CF81-11E7-932E-B808CF8DE4D6}.dat
File Type:Microsoft Word Document
MD5:49FFD71C25E7DBF32CC71D272ABD6AAF
SHA1:A3FE8F678D7B07C66742E638DDBC4AEFF62FCB38
SHA-256:F8796EEFC6D55CD84630CE576C3589F870A15F0AC17F81205E44FCE24474DC24
SHA-512:14C5297CE1AAA085C4AF7471409DAAEB9F5EEA5D59725E018BE38D869C5FFFB03523D75E357906C614C50E3506169BBCB4556BF2CDBBCFCE57E4AAF5658DA623
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9EC119D-CF81-11E7-932E-B808CF8DE4D6}.dat
File Type:Microsoft Word Document
MD5:4B1E980EAE5BE5953F753082F02218F8
SHA1:E25D44F636A71085599F38432D3C8C66A45C1DC5
SHA-256:68DF1586C6D12E8FD040D0E49BDBFBF869CBE7E7B617CC46C69D74ABDB20FF93
SHA-512:F18963F9C61DF921A66F142B8652A569CF3CD85FF467B95EAC1919CC67EFF0329104030B809A58AC5F3F532F705174EC3A7FB5A2364D0C7B18FCF13BD5505DEA
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3A78AFC-CF81-11E7-932E-B808CF8DE4D6}.dat
File Type:Microsoft Word Document
MD5:1BCB0AD433E4A3FAC205F1CC05D1E396
SHA1:7E4885F566563B1EDF14AC5ECF2F72B893893BB3
SHA-256:C53AD345C3D02C3CE320E20DB58A33CDA9A9E66539212C6170FEF545F68095EC
SHA-512:B39E0F983807AE37D506F83B86772E17E9EB12BD9795C9254FE2ED3E48A903C5F57A9E93EB9DC8C8612CDAC9043BACB53ADF69BB29D2B1DF057DC9E458F78BF0
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9E328C4-CF81-11E7-932E-B808CF8DE4D6}.dat
File Type:Microsoft Word Document
MD5:625D5B3BAC7692BF5A3F0B971F09F85C
SHA1:501475FA92F0C859B6A99EEDAEFE441826B32E05
SHA-256:C7C1E9E2A0F637F1B4D0824F50A0DE740861F9375D38B757384DCCB57A776B34
SHA-512:C88A44FA1D989B44A2308779CE7DB4EEFD68E585EED03BC7E28B4C1C96BD3023937D39D676668A7401F1ED4E47F5E018E981159A0F03A1C53B046C10108B3648
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver8CF0.tmp
File Type:XML document text
MD5:4685838350E19AB74E16EFE96F142EB4
SHA1:66B9CE117BACE5088B09B4AB506C8767593377CD
SHA-256:2B25A9DD5C47DA010258E1BC93D512B8E484359AF1003FE1B85390E93519C60A
SHA-512:E01570FA713BAB17D4941A1D46605D5C0FB89635C61136217E286F608A256F40D260B662CDAF2ED064D52CC57400DAD9BDB4FE1677D18559FBBF7B64068D2C75
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver8F9F.tmp
File Type:XML document text
MD5:4685838350E19AB74E16EFE96F142EB4
SHA1:66B9CE117BACE5088B09B4AB506C8767593377CD
SHA-256:2B25A9DD5C47DA010258E1BC93D512B8E484359AF1003FE1B85390E93519C60A
SHA-512:E01570FA713BAB17D4941A1D46605D5C0FB89635C61136217E286F608A256F40D260B662CDAF2ED064D52CC57400DAD9BDB4FE1677D18559FBBF7B64068D2C75
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\bullet[1]
File Type:PNG image, 15 x 15, 8-bit colormap, non-interlaced
MD5:26F971D87CA00E23BD2D064524AEF838
SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\errorPageStrings[1]
File Type:UTF-8 Unicode (with BOM) English text, with CRLF line terminators
MD5:6B26ECFA58E37D4B5EC861FCDD3F04FA
SHA1:B69CD71F68FE35A9CE0D7EA17B5F1B2BAD9EA8FA
SHA-256:7F7D1069CA8A852C1C8EB36E1D988FE6A9C17ECB8EFF1F66FC5EBFEB5418723A
SHA-512:1676D43B977C07A3F6A5473F12FD16E56487803A1CB9771D0F189B1201642EE79480C33A010F08DC521E57332EC4C4D888D693C6A2323C97750E97640918C3F4
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\ga[1].js
File Type:ASCII text, with very long lines
MD5:5C391A45AAB8DB26D02A189EB881DFA2
SHA1:5F0D30A6C556A8B0E2FF012F172F0FBC1250A9AB
SHA-256:F289BFF43FF075F3CCDB13B315ACBFE9C76492ACA411DDF23490F232265C53FC
SHA-512:7F827F8A5672A85A49D0E81050CF5C9D2AC0C13940E836125C2E78A2938A6AE5F47B24874F3941E0CDF76511213B50AC3E11677A9F1A4DF4985937089369F3CB
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\hotmail[1].jpg
File Type:PNG image, 192 x 50, 8-bit/color RGBA, non-interlaced
MD5:4901CFC069F5D64EC8D47550486CB420
SHA1:B36A2E42EF9CCE426F82BC253F2FF1FC47FBAECB
SHA-256:6B1AF85883B2AB64690488468BF9FB0699B82E0B8C3239129847E726BCD79C1B
SHA-512:E36DA08348C1145039D27B2AEFBB9C8B4572C67C792443F709284AE0C0CE2132E02B1EDF2E11515B72600A8FE48FAB82F4F38255829687C0B80A5AD4719F11C2
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\httpErrorPagesScripts[1]
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5:3F57B781CB3EF114DD0B665151571B7B
SHA1:CE6A63F996DF3A1CCCB81720E21204B825E0238C
SHA-256:46E019FA34465F4ED096A9665D1827B54553931AD82E98BE01EDB1DDBC94D3AD
SHA-512:8CBF4EF582332AE7EA605F910AD6F8A4BC28513482409FA84F08943A72CAC2CF0FA32B6AF4C20C697E1FAC2C5BA16B5A64A23AF0C11EEFBF69625B8F9F90C8FA
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\index[1].htm
File Type:HTML document text
MD5:DB04D99719B9DA15F86ED4EBF9361E3D
SHA1:9B50087C1CDF53EE9CA62D94EBF33A049684AEAA
SHA-256:315A8618260E6178AE7808DFF7F598FA4246EC579448209FD0B13F58D41C6DC7
SHA-512:C0948D26E787D8445648970C8EBC783A8756EE1133B06D6F8CDDFE941419F6723A43FB0E232320C774FABD474F82596F74462FF034BD379FE0786FA3441A7777
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\info_48[1]
File Type:PNG image, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5:5565250FCC163AA3A79F0B746416CE69
SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\info_48[2]
File Type:PNG image, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5:5565250FCC163AA3A79F0B746416CE69
SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\known_providers_download_v1[1].xml
File Type:XML document text
MD5:002D5646771D31D1E7C57990CC020150
SHA1:A28EC731F9106C252F313CCA349A68EF94EE3DE9
SHA-256:1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F
SHA-512:689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D4089215AD3FE33440908E687AA9AD7D94468F9F57A4CC19842D53A9CD2F17758BDADF0503DF63629C6
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\main-1[1].js
File Type:ASCII C program text, with very long lines
MD5:1E6331E0AF1EA21700B47B68A420B872
SHA1:51B0EB5356D05E1C8070AFCCD99D55ED2D9B5525
SHA-256:49E1B456FB871B4C09E62F5BA0F762140069B4CFDD4BB1EFDAC03FC44E381E69
SHA-512:D6A017E6182E370D2C103A3B224333D023ACFC9915572A1D47C6FCC1017FD86BA127F4BC48C3B43D846E9E79C297DF7B17EA867B865F552BE9ED98F82B806DBC
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AESG8HGU\other[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:319ECD1F8B20F4860A69739FB653068E
SHA1:3D28493D95840C394A881D6042EEB026F18CC702
SHA-256:3E543CCE18B7844AC9DEDF6E30D988DCA45B543208A870F775C7FE16FD796A9B
SHA-512:02C2012DECC6560478320AF09D7AB03993D733DB358F787B482129DBE09D7D9D353D98A386153E90B101BC2834BF9C078C86803FD391BBB312255BF64F2890E6
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\all[1].js
File Type:ASCII English text, with very long lines
MD5:FDA57DA9B6C36B22A489E430F21175F2
SHA1:CC1E57BC6FB61F31DD2F9B4BA0A92715015AD90A
SHA-256:55EA6D74EF928464F427A737FC4C13D72818A0C0A5CF22A77D40B0204F40D010
SHA-512:D66BA74764BA5C44162EFAF87842765E99204359046252EA0324895DADDFC0C08C8E4873BB7CBE66E415EEB6DCE85C1A0259B86FDBFF378FDECB13DFD67245DE
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\download[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:B8D7B62DEFD3DA507472D594D74BB2E0
SHA1:F594B8028C947EB32C1D413E0975A39159D67F48
SHA-256:EEA937E239305C35E3ECD6BDB98A0A16362D4A9E019865680E6E08ABB59405CF
SHA-512:82D7E08B111D01AE26608D50884DAC617A28CD96F6E93788432ECAAC2B78523E2E3E7462DAA944FFC5D80DDE90A95990ADE00B7127C967ADE237E9D10E80F503
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\ga[1].js
File Type:ASCII text, with very long lines
MD5:02D3CBFB23BE87E21CBF5048D6BF75A5
SHA1:AD2968D1ADBC84BF718FB07F10EA6991D605B4DD
SHA-256:7C2C58FC24E2D3458B88680CFAD4577011697DF9A1406808F2F7D8F46060D8A7
SHA-512:68EB263F26FA7667E5F9F3ABF10031CB033E8416C9AB1B8A16D0B0B67AFCBA4A04062A8905E36D574045328154763F8F66FD144BC10A6A2FCB152EF432574369
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\httpErrorPagesScripts[1]
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5:3F57B781CB3EF114DD0B665151571B7B
SHA1:CE6A63F996DF3A1CCCB81720E21204B825E0238C
SHA-256:46E019FA34465F4ED096A9665D1827B54553931AD82E98BE01EDB1DDBC94D3AD
SHA-512:8CBF4EF582332AE7EA605F910AD6F8A4BC28513482409FA84F08943A72CAC2CF0FA32B6AF4C20C697E1FAC2C5BA16B5A64A23AF0C11EEFBF69625B8F9F90C8FA
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\iecompatviewlist[1].xml
File Type:XML document text
MD5:516EAF3CA31AD768D309163C0E1C56BA
SHA1:BF6B158711B254C3861AF1BB01721EA349704358
SHA-256:C32D075F601D787DF8FD481C808FDBFC2CC1A7D6CD741BCBB27DCE40C69E9077
SHA-512:AB11029A0D8F00933FB00EBDE250E44838E0B3B6E55E48769B450E4D5A200437F57E4CE486E22EC76A72D8B6A9F8DB2DAD56178D8B50A3527BE99176F3983393
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\jquery[1].css
File Type:ASCII text, with CRLF line terminators
MD5:8A751D1C1E751D48611E364C1A5A0D7F
SHA1:7C505C08ABB9BF8A6B1E658FCE42B287A2F6CF0B
SHA-256:F3D705106CA4E8D08B80349F705AFE18CE083B8D192DBA77C347E7700E8B027A
SHA-512:5379CB5D4318818CD3E073B63A8D01C68C2687AD048F2B458F0AA11ECAC9212342FA6AC653CD740D963A01118503A9DA352BBEDC180B5B449DD5B32367A261AD
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\logo[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:4F4A40219CEFC7299A6ACECF10C6B0E5
SHA1:2ABE5E5FFE1A2D6A34E34CF331BF8DB80AA17FA4
SHA-256:F6329DD54128C1B627769692B41C6579D499E001B97EB8BE1CB4EFF8738B247C
SHA-512:3A454EA1C66504CF42B5E416DA4525377ACD5834546296B9D9C8B52932893C6421F8FA8C9BB0A28C24FC45BD83369C1D30EEB27F5BBAAA075DCDF850072E76E0
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\navcancl[1]
File Type:HTML document text
MD5:4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1:42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256:BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512:BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT5MYGJE\urlblockindex[1].bin
File Type:data
MD5:FA518E3DFAE8CA3A0E495460FD60C791
SHA1:E4F30E49120657D37267C0162FD4A08934800C69
SHA-256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
SHA-512:D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\ErrorPageTemplate[1]
File Type:UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\ErrorPageTemplate[2]
File Type:UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\aol[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:C0A8313EBEF0932F93A7C294CC0888D0
SHA1:6861E4C978A2D9CC5A5636DEA9E97DB88A024D08
SHA-256:47CF29D05E9B146E3794AD926CE64F4F642D4967E0053F53157808B3F159E841
SHA-512:8C923B5F002014EC7E48439BE4DB601EA45FD39B91DED7997AE7DC101F1080788EC2CDB4A524B4234DB3063194479DAE1EAD58BCB3242B8F2BFF0CB8509F2F26
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\background_gradient[1]
File Type:JPEG image data, JFIF standard 1.02
MD5:20F0110ED5E4E0D5384A496E4880139B
SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\errorPageStrings[1]
File Type:UTF-8 Unicode (with BOM) English text, with CRLF line terminators
MD5:6B26ECFA58E37D4B5EC861FCDD3F04FA
SHA1:B69CD71F68FE35A9CE0D7EA17B5F1B2BAD9EA8FA
SHA-256:7F7D1069CA8A852C1C8EB36E1D988FE6A9C17ECB8EFF1F66FC5EBFEB5418723A
SHA-512:1676D43B977C07A3F6A5473F12FD16E56487803A1CB9771D0F189B1201642EE79480C33A010F08DC521E57332EC4C4D888D693C6A2323C97750E97640918C3F4
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\index[1].htm
File Type:HTML document text
MD5:F93AF01826B216733A7DC55B32633148
SHA1:021B31B7B69DC7957E17A51094B8A91D721565C9
SHA-256:E40DE16AB93F617133AF66C361E1C9EE24AFAB75B84F30B471391F5FC4418F39
SHA-512:FD5E4A1DA9466AE6E6EB8E78DFA97F7A35BD7F702061517153985DE76952EDE3A7864DD4C6FD9853B4125B68982638BF4A48ACB8E64EA76787F04F015D41ED69
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\navcancl[1]
File Type:HTML document text
MD5:4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1:42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256:BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512:BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\ping[1].htm
File Type:ASCII English text, with very long lines, with no line terminators
MD5:1786638D6491B2E04D66B0179FDE1A83
SHA1:32A95FC6A82360D1BEA74CEF7306BA47F8574845
SHA-256:7B17717374065A2F98B8B440B85838F73EAF9248710E01944395259DB75BA54C
SHA-512:58503F808487E72FC4A14226BF7CA950021BBFD6E05DE3DEA130354DEE4043F0A68B70496ED43523EE5B795BC62C10C55E68355F4439EB35BF6B8FD10608867A
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\suggestions[1].en-US
File Type:data
MD5:5A34CB996293FDE2CB7A4AC89587393A
SHA1:3C96C993500690D1A77873CD62BC639B3A10653F
SHA-256:C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
SHA-512:E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A609B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\tooltip-5[1].js
File Type:ASCII C program text, with very long lines, with CRLF line terminators
MD5:C1BE2676869CD138C29BF82AA3B30C62
SHA1:D8CD7BE6A589E54B2ACEF9A5B64F241FDD412A15
SHA-256:5828A9FBFE7C96245E49DD231FA7ABB293BE78A9DFECEFF93A87F3A36DA4CBA6
SHA-512:416538E679DEA25836C72CC448BA7EF1B0B17A568D8616655B1669BFD893AD7E6B6474CE9B0F0B16EA425DC9CD99BBEE9A668E4CCE0DB2BA9A43DF22A37B8819
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF8FZ0OT\yahoo[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:C930BCF158CDFE6D35A4CBD4C1C0812F
SHA1:23E34BFD5FD2F543614A86BE77D495134A3E9733
SHA-256:20E315A5CAF1553CD05A8F0A02C290C97D2B3D3EA2E485411456529A26043DD7
SHA-512:8E1C555D040A2B3624D136F0FE4E28AA6BC35FA019307FB5D6068869A41569335D9BDEE410FAE80FACDD25DCAB5399F52DFA6A4A3F68B10B4D6F9E75B99AACAD
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\ALogin[1].htm
File Type:HTML document text
MD5:E7CC745B6415BBEAF6E8D0DC76D6C1C5
SHA1:C8164CDDEF3AB720CFF86F2B09F8FF6304D29481
SHA-256:D2791BA758236414E482262562664F3BB28BB08A6C695557433A262293EE3B83
SHA-512:DAD4E2030E779853F72225542CCA7148B29BE139F0C9B9F2B7654AFCE205DDD0F79588CEDE4DC71A5AB74D8FBDD5A0A9296F6F724FE4D67A0D32B2A6D7683696
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\LEdxGgtB9cN[1].htm
File Type:HTML document text
MD5:78274F456D946E2FA1CD3177C74D03D1
SHA1:98312999622999B26BB445B4AADD69CA8FAA574A
SHA-256:117C7489951AA5F0AD60AAAB91B03DD53E758206908AFB5693E663F077418BF9
SHA-512:89661E5842051A52362DE66339344DC7CD1192D8C78B5B8D74F4D56B18B87FDE281783C9A7D7728E2EDEED5B7E83AEA7F60844D32B7D16E4A516E73DBA14648F
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\LEdxGgtB9cN_002[1].htm
File Type:HTML document text
MD5:78274F456D946E2FA1CD3177C74D03D1
SHA1:98312999622999B26BB445B4AADD69CA8FAA574A
SHA-256:117C7489951AA5F0AD60AAAB91B03DD53E758206908AFB5693E663F077418BF9
SHA-512:89661E5842051A52362DE66339344DC7CD1192D8C78B5B8D74F4D56B18B87FDE281783C9A7D7728E2EDEED5B7E83AEA7F60844D32B7D16E4A516E73DBA14648F
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\YLogin[1].htm
File Type:HTML document text
MD5:D597ADCA6D6B1B95F1B8EE82D2E2B54C
SHA1:2077859EB72B68FE1229A3483F1D6173E0EA892B
SHA-256:21C75DC9762196144EC4807F018D57663FF53EE487897BF3F3E55B81AB64E807
SHA-512:66B66C36947015144D986CAD6732C0F7B41B1AF3C0719DAB27C3EE6123F1BBB865AD8A1EE69059B0B3ABBEFEDCD84758C633153142CB3DEA1BA8AC4002407BEA
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\background_gradient[1]
File Type:JPEG image data, JFIF standard 1.02
MD5:20F0110ED5E4E0D5384A496E4880139B
SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\bullet[1]
File Type:PNG image, 15 x 15, 8-bit colormap, non-interlaced
MD5:26F971D87CA00E23BD2D064524AEF838
SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\favicon[1].ico
File Type:PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5:5B188904E3BC002102653489E7AC4A4A
SHA1:96607BA47296757DF3A005614947A5E83BA8683D
SHA-256:507C647828E8B817E23D90C7BE73B3105C32B9900147D0647B35046A32BE1016
SHA-512:99BF5DBC8CBAD84CA240A2DDAD2DE73BFC434193A4F729738048A09051688771E8C92D99AA6B0C5698C702FD155663DF28916F74561CAE1F8C73C0D9DD1A9FF7
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\gmail[1].jpg
File Type:JPEG image data, JFIF standard 1.01
MD5:ADDCB559CEE69F7C0818CFE02DD3F1D4
SHA1:FC7A72635AD7636706FF33BBC080EFD2CFA99850
SHA-256:CD6DCC20C7FC1645A20CB212BA8B84D16212BF0BBFB3B0C987E1724479D54A9B
SHA-512:45D7E55A49D58E0CB872A385B96DAAF274A3AD343D86E351093256FDC6D7946410556A3225B5BC547EB372FBAC611721B38F36A29A7C9B33F0ECCE5643975AE0
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\main-1[1].css
File Type:ASCII C program text, with CRLF line terminators
MD5:99E7CB8E525C162DDAA0747CBFE3F2B3
SHA1:71F90B3CF5481C6DCB1260437B2C93A2CDC4B931
SHA-256:981E570D738DC96CC12CF6CE56158B9B6F2C039B8D28FF189FC75504747BA7A8
SHA-512:FE6E569409A7E8AD8ABD06117534B2CBF48E7919B01DB0214FE0F7E56436CEF035E8E49C65D9384E53D5AB832564872E0D8C25A01BBE65FBBAFF8CFB6C14EE6E
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIAXG8Y5\thickbox-3[1].css
File Type:ASCII text, with CRLF line terminators
MD5:FA2E0ECD77614274E96780340EE35B6F
SHA1:5104C54DA38FCB567CB160C811230C6D8D18871E
SHA-256:2E967A5388F61A91BFA69BA2679BF7C1E98FE5848F84B6CCCD98ABCDF4E1F03A
SHA-512:E8FF750E73E589A11E406004E0F178D7F356FEF0E8BA2472405DF5D63EE3F9946B62CEB20AD6280ECD80833F99225FE29FD735C8D45F2035E859C7D9666BBD2A
Malicious:false
Reputation:low

Contacted Domains/Contacted IPs

Contacted Domains

NameIPActiveMaliciousAntivirus Detection
www.siliconvalleyblog.de104.236.149.118truefalse
www.facebook.com179.60.192.36truefalse
dinartedamaso.com94.46.14.103truefalse
www.viewdocsonline.com62.149.144.39truefalse
www.dinartedamaso.com94.46.14.103truefalse
s-static.ak.facebook.comunknownunknownfalse
static.ak.facebook.comunknownunknownfalse

Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IPCountryFlagASNASN NameMalicious
104.236.149.118United States
14061DIGITALOCEAN-ASN-DigitalOceanIncUSfalse
62.149.144.39Italy
31034ARUBA-ASNITfalse
94.46.14.103Portugal
24768ALMOUROLTECPTfalse
179.60.192.36United States
32934FACEBOOK-FacebookIncUSfalse

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

TimestampSource PortDest PortSource IPDest IP
Nov 22, 2017 13:36:18.140873909 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.409213066 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.411457062 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.413708925 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.138389111 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.403852940 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.404159069 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.404392004 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.958273888 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.961287022 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.138776064 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.404004097 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.404654980 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.405214071 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.950993061 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.951457024 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:21.950759888 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:21.951013088 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.138041973 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404223919 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404644966 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404973984 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:23.950249910 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:23.950717926 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.138350010 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404247046 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404634953 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404966116 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:27.951483965 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:27.951791048 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:28.042706013 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051069975 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051127911 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051157951 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051183939 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051208973 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051235914 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051261902 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054342031 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054389000 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054416895 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054441929 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054466009 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054491043 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.117307901 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.063369036 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.260510921 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.269063950 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.269098043 MEZ804919094.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.269761086 MEZ4919180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.269782066 MEZ804919194.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.269860983 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.270667076 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.270704031 MEZ804919094.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.270764112 MEZ4919180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.476866961 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.476923943 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.524542093 MEZ804919094.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.524869919 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.542155027 MEZ5461853192.168.1.168.8.8.8
Nov 22, 2017 13:36:29.698970079 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.874922037 MEZ53546188.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.876148939 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.876187086 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.876266003 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.877099037 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.877123117 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:29.877178907 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.877798080 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:29.877816916 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.356745958 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.356770039 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.356780052 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.356909990 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.397542953 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.397566080 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.397736073 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.410121918 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.410146952 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.411695004 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.411720991 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.413877964 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.413913012 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.415730000 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.416327000 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.416357040 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.416419029 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.416970968 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.416991949 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.417454004 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.417473078 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.419193983 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.419220924 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.419329882 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.424669981 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.424690962 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.436019897 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.436063051 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.436974049 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.437521935 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.437539101 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.466139078 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.466212034 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.466255903 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.595055103 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.595206976 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.617728949 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.617753029 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.714828014 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.715008020 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.808300018 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.808340073 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.808451891 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.838586092 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.838620901 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.859172106 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:30.859203100 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.912377119 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.912415981 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.912430048 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:30.912556887 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.091490030 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.091528893 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.091546059 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.091651917 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.118693113 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.119664907 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.125693083 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.125708103 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.125715017 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.125912905 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.132934093 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.133063078 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.178841114 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.178873062 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.178884029 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.179085016 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.185765028 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.185997009 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.193711996 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.193727970 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.193736076 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.193888903 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.231808901 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.231826067 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.231832027 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.235737085 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.239486933 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.239500046 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.239506006 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.239685059 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.245038033 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.245732069 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.246783972 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.246794939 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.246800900 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.247116089 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.284029961 MEZ6239653192.168.1.168.8.8.8
Nov 22, 2017 13:36:31.291057110 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.291155100 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.298388958 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.298557997 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.313232899 MEZ6363853192.168.1.168.8.8.8
Nov 22, 2017 13:36:31.320707083 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.320959091 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.323414087 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.323431969 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.391870975 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.391896009 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.391912937 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.392218113 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.406300068 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.406325102 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.406348944 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.406521082 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.439835072 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:31.492424011 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.492450953 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.492553949 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.497533083 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.497554064 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.499527931 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.499556065 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.499569893 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.499682903 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.591078997 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.591099977 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.591106892 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.591847897 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.597074032 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.598184109 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.598195076 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.598757982 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.598782063 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.599210978 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.601660967 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.601736069 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.601746082 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.601793051 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.601815939 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.607903957 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.607964993 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.611310005 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.697662115 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.699807882 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.717606068 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.717643976 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.717650890 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.720417976 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.723942041 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.805345058 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.805381060 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.805387020 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.809978962 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.810015917 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.812055111 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.812124014 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.820051908 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.820116043 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.823913097 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.902729034 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.902750969 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.902756929 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.902992964 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:31.909718990 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:31.909837961 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.037467003 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.037513018 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.037530899 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.037540913 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.040004969 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.040060997 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.049093008 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.049128056 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.049135923 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.051894903 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.089061975 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.089178085 MEZ804919894.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.091742039 MEZ4919880192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.096251011 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.096267939 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.096273899 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.097361088 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.102940083 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.102966070 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.102971077 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.103099108 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.103403091 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.103455067 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.105452061 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.105503082 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.105570078 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.106471062 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.106496096 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.106549025 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.135385990 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.135416985 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.136534929 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.136560917 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.192780972 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.192926884 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.238754988 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.238899946 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.240340948 MEZ5287753192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.274985075 MEZ5936253192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.279648066 MEZ6239653192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.285710096 MEZ53636388.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.285744905 MEZ53623968.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.300893068 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.300910950 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.300915956 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.301023006 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.308676958 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.308689117 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.308692932 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.308772087 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.329324007 MEZ5226153192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.332938910 MEZ6158553192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.336723089 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.336849928 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.393637896 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.393651009 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.393656015 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.394092083 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.401575089 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.401957989 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.406080961 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.406100988 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.406125069 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.406490088 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.408525944 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.408732891 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.461457968 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.461493969 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.497746944 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.497965097 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.505244017 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.505260944 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.505269051 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.505456924 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.512304068 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.512316942 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.512322903 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.512468100 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.588418007 MEZ53528778.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.595612049 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.595628023 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.595633984 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.595858097 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.602765083 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.602778912 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.602785110 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.602936983 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.677871943 MEZ53623968.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.684856892 MEZ53522618.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.699563980 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.699726105 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.717413902 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.717449903 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.717473030 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.717644930 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.784441948 MEZ53615858.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.784511089 MEZ53593628.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.788533926 MEZ4920680192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.788569927 MEZ804920662.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.788661957 MEZ4920680192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.789695978 MEZ4920780192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.789726019 MEZ804920762.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.789814949 MEZ4920780192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.790839911 MEZ4920880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.790868044 MEZ804920862.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.790932894 MEZ4920880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.791917086 MEZ4920980192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.791944027 MEZ804920962.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.792020082 MEZ4920980192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.792979956 MEZ4921080192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.793001890 MEZ804921062.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.793076038 MEZ4921080192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.798885107 MEZ4921180192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.798933983 MEZ804921162.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.799011946 MEZ4921180192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.799391985 MEZ4920680192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.799411058 MEZ804920662.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.799921036 MEZ4920780192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.799947977 MEZ804920762.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.801084995 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.801183939 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.801548958 MEZ4921280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.801584959 MEZ804921262.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.801656961 MEZ4921280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.802985907 MEZ4921380192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.803015947 MEZ804921362.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.803093910 MEZ4921380192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.803792000 MEZ4920880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.803819895 MEZ804920862.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.804656029 MEZ4921080192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.804678917 MEZ804921062.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.805352926 MEZ4920980192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.805375099 MEZ804920962.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.806077957 MEZ4921180192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.806099892 MEZ804921162.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.806523085 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.806581020 MEZ804919494.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.807287931 MEZ4919480192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.808743954 MEZ4921280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.808767080 MEZ804921262.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.810303926 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.810319901 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.810327053 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.810575962 MEZ4921380192.168.1.1662.149.144.39
Nov 22, 2017 13:36:32.810597897 MEZ804921362.149.144.39192.168.1.16
Nov 22, 2017 13:36:32.810699940 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.899668932 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.899704933 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.899713039 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.899923086 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.905801058 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.905987978 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.906635046 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.906653881 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.906661987 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.906795979 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:32.913790941 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:32.913914919 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.071171045 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.071188927 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.071356058 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.081844091 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.081861019 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.081867933 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.082011938 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.129219055 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.129244089 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.129252911 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.129374027 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.136378050 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.136461020 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.156547070 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.156569004 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.156666994 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.190360069 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.190383911 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.211988926 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.212008953 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.212093115 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.218938112 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.218954086 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.219039917 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.222592115 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.222609997 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.243710041 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.243730068 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.302333117 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.302355051 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.302685976 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.345276117 MEZ4921480192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.345318079 MEZ804921462.149.144.39192.168.1.16
Nov 22, 2017 13:36:33.345391035 MEZ4921480192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.345993996 MEZ4921580192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.346016884 MEZ804921562.149.144.39192.168.1.16
Nov 22, 2017 13:36:33.346402884 MEZ4921480192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.346421003 MEZ804921462.149.144.39192.168.1.16
Nov 22, 2017 13:36:33.346474886 MEZ4921580192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.346889019 MEZ4921580192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.346908092 MEZ804921562.149.144.39192.168.1.16
Nov 22, 2017 13:36:33.353465080 MEZ5413753192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.364269972 MEZ5216553192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.380145073 MEZ5281453192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.407238960 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.407258034 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.407269001 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.407516003 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.482013941 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.493779898 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.493794918 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.493906021 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.501605988 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.501621008 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:36:33.501734018 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:36:33.730572939 MEZ53521658.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.730631113 MEZ53541378.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.732851028 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.732918024 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:33.733022928 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.734798908 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.734843969 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:33.734951973 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.743179083 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.743216038 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:33.743573904 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:33.743607998 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:33.753997087 MEZ5859853192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.857894897 MEZ53528148.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.864391088 MEZ6309953192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.908479929 MEZ4921880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.908516884 MEZ804921862.149.144.39192.168.1.16
Nov 22, 2017 13:36:33.908571005 MEZ4921880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.908938885 MEZ4921880192.168.1.1662.149.144.39
Nov 22, 2017 13:36:33.908957005 MEZ804921862.149.144.39192.168.1.16
Nov 22, 2017 13:36:34.077291965 MEZ53585988.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.092449903 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.092474937 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.092487097 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.092494011 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.092576027 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.092607975 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.099611044 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.099627972 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.099634886 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.099695921 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.107011080 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.107119083 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.198448896 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.198483944 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.198606968 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.206176996 MEZ53630998.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.213242054 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.213269949 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.213277102 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.213351011 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.302373886 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.302390099 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.302397013 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.302534103 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.309729099 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.309886932 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.316970110 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.317001104 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:34.317109108 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:34.395926952 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.395946980 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.395953894 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.396039963 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.402960062 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.403584957 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.434175014 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.434222937 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.489203930 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.489236116 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.489243031 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.489356041 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.534703970 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.534830093 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.536550999 MEZ5619053192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.556524992 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.556565046 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.589392900 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.589519978 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.694523096 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:34.694657087 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:34.798578978 MEZ53561908.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.882265091 MEZ6140753192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.899539948 MEZ5809853192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.942508936 MEZ6312953192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.987051010 MEZ5128353192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.290348053 MEZ53614078.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.334867001 MEZ53580988.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.341236115 MEZ6534853192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.456543922 MEZ53631298.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.465220928 MEZ6440553192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.472546101 MEZ53512838.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.477626085 MEZ5221653192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.634953976 MEZ53653488.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.731462002 MEZ53644058.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.860455036 MEZ53522168.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.141175985 MEZ5062153192.168.1.168.8.8.8
Nov 22, 2017 13:36:36.433336973 MEZ53506218.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.510812044 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:36.510849953 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:36.515431881 MEZ5463953192.168.1.168.8.8.8
Nov 22, 2017 13:36:36.600275993 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.600322008 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.731694937 MEZ53546398.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.792983055 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:36:36.793195009 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:36:36.966417074 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:36.966449022 MEZ804919594.46.14.103192.168.1.16
Nov 22, 2017 13:36:36.984113932 MEZ6054353192.168.1.168.8.8.8
Nov 22, 2017 13:36:37.312433004 MEZ6325053192.168.1.168.8.8.8
Nov 22, 2017 13:36:37.381019115 MEZ4919580192.168.1.1694.46.14.103
Nov 22, 2017 13:36:37.395188093 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:37.395220995 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:37.496788979 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:37.502810001 MEZ4922280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:37.502857924 MEZ804922262.149.144.39192.168.1.16
Nov 22, 2017 13:36:37.503685951 MEZ4922280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:37.505554914 MEZ4922280192.168.1.1662.149.144.39
Nov 22, 2017 13:36:37.505582094 MEZ804922262.149.144.39192.168.1.16
Nov 22, 2017 13:36:37.660743952 MEZ53605438.8.8.8192.168.1.16
Nov 22, 2017 13:36:37.662058115 MEZ4922380192.168.1.16104.236.149.118
Nov 22, 2017 13:36:37.662101030 MEZ8049223104.236.149.118192.168.1.16
Nov 22, 2017 13:36:37.662760973 MEZ4922480192.168.1.16104.236.149.118
Nov 22, 2017 13:36:37.662790060 MEZ8049224104.236.149.118192.168.1.16
Nov 22, 2017 13:36:37.662874937 MEZ4922380192.168.1.16104.236.149.118
Nov 22, 2017 13:36:37.662915945 MEZ4922480192.168.1.16104.236.149.118
Nov 22, 2017 13:36:37.749888897 MEZ53632508.8.8.8192.168.1.16
Nov 22, 2017 13:36:37.912962914 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:37.913278103 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:37.925208092 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:37.925239086 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.311136007 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.311156988 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.311166048 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.311268091 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:39.393446922 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.393470049 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.393476963 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.395324945 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:39.406198978 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.406394005 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:39.413259983 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.413280964 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:36:39.413484097 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:36:40.105822086 MEZ5194553192.168.1.168.8.8.8
Nov 22, 2017 13:36:40.246697903 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:40.246757030 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:40.313911915 MEZ53519458.8.8.8192.168.1.16
Nov 22, 2017 13:36:40.492746115 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:36:40.492928982 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:36:44.013781071 MEZ5204653192.168.1.168.8.8.8
Nov 22, 2017 13:36:44.022120953 MEZ5340753192.168.1.168.8.8.8
Nov 22, 2017 13:36:44.423084021 MEZ53520468.8.8.8192.168.1.16
Nov 22, 2017 13:36:44.637491941 MEZ53534078.8.8.8192.168.1.16
Nov 22, 2017 13:36:44.900927067 MEZ6295153192.168.1.168.8.8.8
Nov 22, 2017 13:36:45.133810997 MEZ53629518.8.8.8192.168.1.16
Nov 22, 2017 13:37:29.589400053 MEZ804919194.46.14.103192.168.1.16
Nov 22, 2017 13:37:29.589745045 MEZ4919180192.168.1.1694.46.14.103
Nov 22, 2017 13:37:34.494570017 MEZ804919094.46.14.103192.168.1.16
Nov 22, 2017 13:37:34.495088100 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:37:37.691409111 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:37:37.691895962 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:37:37.734883070 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:37:37.735126019 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:37:39.088253021 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:37:39.088476896 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:37:43.593010902 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:37:43.593374968 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:37:45.491442919 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:37:45.491827965 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.264475107 MEZ4922380192.168.1.16104.236.149.118
Nov 22, 2017 13:38:10.264554024 MEZ8049223104.236.149.118192.168.1.16
Nov 22, 2017 13:38:10.265010118 MEZ4922480192.168.1.16104.236.149.118
Nov 22, 2017 13:38:10.265101910 MEZ8049224104.236.149.118192.168.1.16
Nov 22, 2017 13:38:10.265122890 MEZ4922380192.168.1.16104.236.149.118
Nov 22, 2017 13:38:10.265588999 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:38:10.265691996 MEZ44349217179.60.192.36192.168.1.16
Nov 22, 2017 13:38:10.265717983 MEZ4922480192.168.1.16104.236.149.118
Nov 22, 2017 13:38:10.266170025 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:38:10.266268015 MEZ44349216179.60.192.36192.168.1.16
Nov 22, 2017 13:38:10.266309977 MEZ49217443192.168.1.16179.60.192.36
Nov 22, 2017 13:38:10.266778946 MEZ49216443192.168.1.16179.60.192.36
Nov 22, 2017 13:38:10.267584085 MEZ4919980192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.267666101 MEZ804919994.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.268157005 MEZ4919780192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.268188953 MEZ804919794.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.268573046 MEZ4919680192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.268600941 MEZ804919694.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.268958092 MEZ4920080192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.268985987 MEZ804920094.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.269342899 MEZ4920180192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.269368887 MEZ804920194.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.269728899 MEZ4919080192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.269756079 MEZ804919094.46.14.103192.168.1.16
Nov 22, 2017 13:38:10.270113945 MEZ4919180192.168.1.1694.46.14.103
Nov 22, 2017 13:38:10.270140886 MEZ804919194.46.14.103192.168.1.16

UDP Packets

TimestampSource PortDest PortSource IPDest IP
Nov 22, 2017 13:36:18.140873909 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.409213066 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.411457062 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:18.413708925 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.138389111 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.403852940 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.404159069 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.404392004 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.958273888 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:19.961287022 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.138776064 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.404004097 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.404654980 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.405214071 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.950993061 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:20.951457024 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:21.950759888 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:21.951013088 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.138041973 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404223919 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404644966 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:22.404973984 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:23.950249910 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:23.950717926 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.138350010 MEZ5697553192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404247046 MEZ5865953192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404634953 MEZ6222853192.168.1.168.8.8.8
Nov 22, 2017 13:36:26.404966116 MEZ5120853192.168.1.168.8.8.8
Nov 22, 2017 13:36:27.951483965 MEZ6497053192.168.1.168.8.8.8
Nov 22, 2017 13:36:27.951791048 MEZ5691753192.168.1.168.8.8.8
Nov 22, 2017 13:36:28.042706013 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051069975 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051127911 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051157951 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051183939 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051208973 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051235914 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.051261902 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054342031 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054389000 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054416895 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054441929 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054466009 MEZ53586598.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.054491043 MEZ53622288.8.8.8192.168.1.16
Nov 22, 2017 13:36:28.117307901 MEZ53569178.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.063369036 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.260510921 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.476866961 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.476923943 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.542155027 MEZ5461853192.168.1.168.8.8.8
Nov 22, 2017 13:36:29.698970079 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:29.874922037 MEZ53546188.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.466139078 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.466212034 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:30.466255903 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:31.284029961 MEZ6239653192.168.1.168.8.8.8
Nov 22, 2017 13:36:31.313232899 MEZ6363853192.168.1.168.8.8.8
Nov 22, 2017 13:36:31.439835072 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.240340948 MEZ5287753192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.274985075 MEZ5936253192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.279648066 MEZ6239653192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.285710096 MEZ53636388.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.285744905 MEZ53623968.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.329324007 MEZ5226153192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.332938910 MEZ6158553192.168.1.168.8.8.8
Nov 22, 2017 13:36:32.461457968 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.461493969 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.588418007 MEZ53528778.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.677871943 MEZ53623968.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.684856892 MEZ53522618.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.784441948 MEZ53615858.8.8.8192.168.1.16
Nov 22, 2017 13:36:32.784511089 MEZ53593628.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.353465080 MEZ5413753192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.364269972 MEZ5216553192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.380145073 MEZ5281453192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.482013941 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.730572939 MEZ53521658.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.730631113 MEZ53541378.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.753997087 MEZ5859853192.168.1.168.8.8.8
Nov 22, 2017 13:36:33.857894897 MEZ53528148.8.8.8192.168.1.16
Nov 22, 2017 13:36:33.864391088 MEZ6309953192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.077291965 MEZ53585988.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.206176996 MEZ53630998.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.536550999 MEZ5619053192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.798578978 MEZ53561908.8.8.8192.168.1.16
Nov 22, 2017 13:36:34.882265091 MEZ6140753192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.899539948 MEZ5809853192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.942508936 MEZ6312953192.168.1.168.8.8.8
Nov 22, 2017 13:36:34.987051010 MEZ5128353192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.290348053 MEZ53614078.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.334867001 MEZ53580988.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.341236115 MEZ6534853192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.456543922 MEZ53631298.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.465220928 MEZ6440553192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.472546101 MEZ53512838.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.477626085 MEZ5221653192.168.1.168.8.8.8
Nov 22, 2017 13:36:35.634953976 MEZ53653488.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.731462002 MEZ53644058.8.8.8192.168.1.16
Nov 22, 2017 13:36:35.860455036 MEZ53522168.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.141175985 MEZ5062153192.168.1.168.8.8.8
Nov 22, 2017 13:36:36.433336973 MEZ53506218.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.515431881 MEZ5463953192.168.1.168.8.8.8
Nov 22, 2017 13:36:36.600275993 MEZ53569758.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.600322008 MEZ53512088.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.731694937 MEZ53546398.8.8.8192.168.1.16
Nov 22, 2017 13:36:36.984113932 MEZ6054353192.168.1.168.8.8.8
Nov 22, 2017 13:36:37.312433004 MEZ6325053192.168.1.168.8.8.8
Nov 22, 2017 13:36:37.496788979 MEZ53649708.8.8.8192.168.1.16
Nov 22, 2017 13:36:37.660743952 MEZ53605438.8.8.8192.168.1.16
Nov 22, 2017 13:36:37.749888897 MEZ53632508.8.8.8192.168.1.16
Nov 22, 2017 13:36:40.105822086 MEZ5194553192.168.1.168.8.8.8
Nov 22, 2017 13:36:40.313911915 MEZ53519458.8.8.8192.168.1.16
Nov 22, 2017 13:36:44.013781071 MEZ5204653192.168.1.168.8.8.8
Nov 22, 2017 13:36:44.022120953 MEZ5340753192.168.1.168.8.8.8
Nov 22, 2017 13:36:44.423084021 MEZ53520468.8.8.8192.168.1.16
Nov 22, 2017 13:36:44.637491941 MEZ53534078.8.8.8192.168.1.16
Nov 22, 2017 13:36:44.900927067 MEZ6295153192.168.1.168.8.8.8
Nov 22, 2017 13:36:45.133810997 MEZ53629518.8.8.8192.168.1.16

DNS Queries

TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
Nov 22, 2017 13:36:18.140873909 MEZ192.168.1.168.8.8.80x643bStandard query (0)dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:19.138389111 MEZ192.168.1.168.8.8.80x643bStandard query (0)dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:20.138776064 MEZ192.168.1.168.8.8.80x643bStandard query (0)dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:22.138041973 MEZ192.168.1.168.8.8.80x643bStandard query (0)dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:26.138350010 MEZ192.168.1.168.8.8.80x643bStandard query (0)dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:29.542155027 MEZ192.168.1.168.8.8.80x20b8Standard query (0)www.dinartedamaso.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:32.274985075 MEZ192.168.1.168.8.8.80xb2fStandard query (0)www.viewdocsonline.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.353465080 MEZ192.168.1.168.8.8.80xf897Standard query (0)static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.364269972 MEZ192.168.1.168.8.8.80xfddStandard query (0)www.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.380145073 MEZ192.168.1.168.8.8.80x37c1Standard query (0)s-static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.753997087 MEZ192.168.1.168.8.8.80x3047Standard query (0)static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.864391088 MEZ192.168.1.168.8.8.80x31a3Standard query (0)s-static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.536550999 MEZ192.168.1.168.8.8.80x8134Standard query (0)static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.882265091 MEZ192.168.1.168.8.8.80xfd34Standard query (0)static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.899539948 MEZ192.168.1.168.8.8.80x7473Standard query (0)s-static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:35.341236115 MEZ192.168.1.168.8.8.80x40b0Standard query (0)s-static.ak.facebook.comA (IP address)IN (0x0001)
Nov 22, 2017 13:36:36.984113932 MEZ192.168.1.168.8.8.80xeb34Standard query (0)www.siliconvalleyblog.deA (IP address)IN (0x0001)
Nov 22, 2017 13:36:40.105822086 MEZ192.168.1.168.8.8.80x10d2Standard query (0)www.dinartedamaso.comA (IP address)IN (0x0001)

DNS Answers

TimestampSource IPDest IPTrans IDReplay CodeNameCNameAddressTypeClass
Nov 22, 2017 13:36:29.260510921 MEZ8.8.8.8192.168.1.160x643bNo error (0)dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:29.476866961 MEZ8.8.8.8192.168.1.160x643bNo error (0)dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:29.874922037 MEZ8.8.8.8192.168.1.160x20b8No error (0)www.dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:30.466139078 MEZ8.8.8.8192.168.1.160x643bNo error (0)dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:32.461457968 MEZ8.8.8.8192.168.1.160x643bNo error (0)dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:32.784511089 MEZ8.8.8.8192.168.1.160xb2fNo error (0)www.viewdocsonline.com62.149.144.39A (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.730572939 MEZ8.8.8.8192.168.1.160xfddNo error (0)www.facebook.com179.60.192.36A (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.730631113 MEZ8.8.8.8192.168.1.160xf897Name error (3)static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:33.857894897 MEZ8.8.8.8192.168.1.160x37c1Name error (3)s-static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.077291965 MEZ8.8.8.8192.168.1.160x3047Name error (3)static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.206176996 MEZ8.8.8.8192.168.1.160x31a3Name error (3)s-static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:34.798578978 MEZ8.8.8.8192.168.1.160x8134Name error (3)static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:35.290348053 MEZ8.8.8.8192.168.1.160xfd34Name error (3)static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:35.334867001 MEZ8.8.8.8192.168.1.160x7473Name error (3)s-static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:35.634953976 MEZ8.8.8.8192.168.1.160x40b0Name error (3)s-static.ak.facebook.comnonenoneA (IP address)IN (0x0001)
Nov 22, 2017 13:36:36.600275993 MEZ8.8.8.8192.168.1.160x643bNo error (0)dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)
Nov 22, 2017 13:36:37.660743952 MEZ8.8.8.8192.168.1.160xeb34No error (0)www.siliconvalleyblog.de104.236.149.118A (IP address)IN (0x0001)
Nov 22, 2017 13:36:40.313911915 MEZ8.8.8.8192.168.1.160x10d2No error (0)www.dinartedamaso.com94.46.14.103A (IP address)IN (0x0001)

HTTP Request Dependency Graph

  • dinartedamaso.com
  • www.dinartedamaso.com
    • www.viewdocsonline.com

HTTP Packets

TimestampSource PortDest PortSource IPDest IPHeaderTotal Bytes Transfered (KB)
Nov 22, 2017 13:36:29.270667076 MEZ4919080192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/index.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dinartedamaso.com
DNT: 1
Connection: Keep-Alive
5
Nov 22, 2017 13:36:29.524542093 MEZ804919094.46.14.103192.168.1.16HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 22 Nov 2017 12:36:29 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 267
Connection: keep-alive
Location: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 69 6e 61 72 74 65 64 61 6d 61 73 6f 2e 63 6f 6d 2f 52 2d 76 69 65 77 64 6f 63 2f 52 65 2d 76 69 65 77 64 6f 63 2f 69 6e 64 65 78 2e 68 74 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm">here</a>.</p></body></html>
6
Nov 22, 2017 13:36:29.877798080 MEZ4919480192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/index.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: www.dinartedamaso.com
8
Nov 22, 2017 13:36:30.356745958 MEZ804919494.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 18 Jan 2015 20:12:22 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Data Raw: 31 36 64 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dd 3c db 72 db c6 92 cf 4c 55 fe 61 0c 9d 84 64 8e 00 82 57 f1 22 32 25 c9 f6 89 cf 71 6c 57 ac 24 27 89 5d 2c 10 18 92 b0 40 0c 0c 80 12 69 c5 1f b4 df b0 0f 5b b5 3f b4 bf b0 dd 33 03 70 40 80 14 e5 c8 d9 d4 52 12 45 cc a5 a7 bb a7 af 73 e1 ff fc e7 7f 9d 3e 7a fc f2 e2 f2 97 57 4f c8 3c 5e 78 e4 d5 8f e7 cf 9f 5d 10 4d af d5 7e 6e 5e d4 6a 8f 2f 1f 93 7f 7f 77 f9 fd 73 52 37 4c 72 19 5a 7e e4 c6 2e f3 2d af 56 7b f2 42 23 da 3c 8e 83 7e ad 76 73 73 63 dc 34 0d 16 ce 6a 97 3f d4 56 08 ab 8e 9d e5 47 3d 56 7a 1a 4e ec 68 a3 2f bf 38 e5 23 ae 16 9e 1f 0d 0b e0 d4 7b bd 9e e8 ae 61 a3 be 67 f9 b3 a1 46 7d 7d 36 d1 44 af fe 74 92 e9 38 b5 6c 3a 61 ec ca b0 d9 a2 d6 30 cd 6e 6d 3a c1 de 6a cf d1 e9 9c 5a 0e 8c 5e 3a 8d dd d8 a3 a3 9f 5c 7a 43 1e 33 3b 22 2f 7d cf f5 29 d1 c9 6b 77 e6 13 d7 27 11 b5 97 21 f5 d6 24 66 e4 1a 9b c5 73 4a 1c 66 2f 17 d4 8f 23 c2 78 fb d3 9a 80 f3 e5 17 04 5e a7 0b 1a 5b c4 b7 16 74 a8 39 34 b2 43 37 40 a2 35 62 33 3f 86 5e 43 2d 37 9e e5 79 ec 26 22 6b b6 cc 8c b3 60 51 0c bd 16 0b e6 a7 63 92 78 1d d0 08 51 b3 48 e4 2e 02 0f 7a fb 0e 99 5a d0 f4 c6 5a 1b e4 05 23 3e a5 0e 02 72 fd 28 06 d0 d0 60 4d 22 36 8d 6f ac 90 3e d2 0a d0 bc a2 eb 1b 16 3a 91 82 23 47 62 9b d0 e3 4d c9 31 47 93 86 c7 24 a4 80 9f e3 fa 2e af 3d 26 6c 3a 75 6d 68 1a 38 53 5e b2 3a 26 2b 2f 82 f7 20 88 e1 5d 81 24 81 6c a0 1e 93 a9 1b d2 29 c3 66 01 f5 8b 50 b5 96 f1 9c 85 0a a2 8f a9 ef 46 e4 87 04 09 8d cf ab d2 21 64 13 16 ab 94 f9 cc 0a ed b9 7b 4d 95 a6 28 41 3a 7d bf 74 af 87 da 85 68 a8 5f 02 a3 95 6e 31 5d c5 35 14 c5 01 b1 e7 56 18 d1 78 f8 e3 e5 53 bd 8b 50 52 38 41 08 78 87 f1 7a a8 b1 59 9f 0b c5 be 69 d7 c9 25 cc 32 b5 22 97 8a d9 4b 67 7f 9b f1 0a aa d9 21 b2 38 de d0 09 68 d8 ce d6 cb d0 53 1a 2b 5a 83 63 e2 7c 88 c1 50 77 76 81 70 17 d6 8c 1e 0a a4 c6 5b 47 b5 78 be 5c 4c 7c cb f5 c6 a9 7a 06 fe 6c d7 10 48 c1 18 e7 6e 0f eb 0a fb 4e 27 7d 2b 08 c6 ae a3 74 ac d7 4f 7a 27 dd a6 59 6f 77 da 9d 93 26 ef 87 5d 01 c8 15 48 ae 37 d4 5c 1b 75 73 0e 62 77 17 35 53 eb 1a 1b 1b f0 a6 71 35 84 ce 48 60 6d a5 73 20 a3 2c e0 08 e4 34 b6 97 31 79 d0 11 b8 3e 28 83 c4 6b 8f 46 73 4a e3 64 04 64 d5 78 ea 42 69 ed dd fb 25 0d d7 86 1d 45 09 34 2e c4 fc 79 41 1d d7 1a 6a 41 e8 a2 da 01 13 df 51 1b cd d4 31 01 8b 45 69 9e 9a 7d 03 c5 73 d7 be 9a b0 95 de dc 3b 58 02 b9 54 12 74 70 5a 1e e9 3a 39 73 1c e9 18 c8 b3 27 b5 9f d1 ee 06 d4 76 c1 8e 10 3e 2e e1 03 93 ca 05 ea b8 6c 78 01 76 11 35 a4 4a 74 7d 94 85 f7 9b 3b 25 5e 4c 01 16 39 79 8b 74 a4 95 fb e8 41 54 13 96 c5 d6 24 d2 5d aa 37 8c 13 a3 75 07 03 0b 39 b7 41 e7 37 0a 38 4f df 72 24 0f 66 e8 c2 72 7d bd 5e 38 f0 28 61 5e a9 54 3a 15 de 85 44 a1 9d e9 3e b3 8c 77 d0 d3 8a d6 3e 54 64 40 bc b3 ae 2d d1 0b fc 60 4d 7c 1a 25 70 8a db e5 c0 4b ec 60 88 0d 08 20 4e 22 b6 1f 98 32 55 f8 fa 5b 25 31 75 55 23 04 af bc ae 4c 97 3e 67 67 a5 4a 6e b3 6d 45 fb f2 11 4e ce 6b c1 f3 72 95 4f 55 e5 96 e0 f8 f0 9a ae 5e 07 e0 fd fa a4 ec b3 70 61 79 65 51 fe b1 3a 38 04 16 f0 b7 a2 39 6e 14 78 d6 5a 3b d6 26 1e b3 af b4 ed ae 29 2c 85 76 7c 94 ad 4e f9 c4 8e e4 23 8a e3 97 5f 18 93 65 1c 33 1f e9 41 7e e8 0e b5 59 68 e1 a0 7d 9f f9 74 40 92 0a cb 83 b8 a3 6f 03 3b 68 c8 4b 03 0b 54 c3 9f f5 eb f5 60 45 9a 8d 60 c5 4b 27 e0 ac 69 d8 8f 98 e7 3a 04 6b 8e 9a dd 4e c7 ee f1 4a 1d bc c0 95 1b eb a2 91 1e 5a 8e bb 8c fa 6d 68 d5 da fc 0d 48 09 05 a8 44 b2 ad 48 be 19 be f4 05 fb 90 85 a7 c7 0c 42 8f 69 8c 70 f7 36 0a dd d9 3c ee ef 05 05 fe 39 66 0b 0e ed 80 76 0a 40 a4 76 0a 96 be 5f ef 02 ba 67 a1 6b 79 c7 e4 3b ea 5d
Data Ascii: 16db<rLUadW"2%qlW$'],@i[?3p@REs>zWO<^x]M~n^j/wsR7LrZ~.-V{B#<~vssc4j?VG=VzNh/8#{agF}}6Dt8l:a0nm:jZ^:\zC3;"/})kw'!$fsJf/#x^[t94C7@5b3?^C-7y&"k`QcxQH.zZZ#>r(`M"6o>:#GbM1G$.=&l:umh8S^:&+/ ]$l)fPF!d{M(A:}th_n1]5VxSPR8AxzYi%2"Kg!8hS+Zc|Pwvp[Gx\L|zlHnN'}+tOz'Yow&]H7\usbw5Sq5H`ms ,41y>(kFsJddxBi%E4.yAjAQ1Ei}s;XTtpZ:9s'v>.lxv5Jt};%^L9ytAT$]7u9A78Or$fr}^8(a^T:D>w>Td@-`M|%pK` N"2U[%1uU#L>ggJnmENkrOU^payeQ:89nxZ;&),v|N#_e3A~Yh}t@o;hKT`E`K'i:kNJZmhHDHBip6<9fv@v_gky;]
20
Nov 22, 2017 13:36:30.356770039 MEZ804919494.46.14.103192.168.1.16Data Raw: d3 d8 b5 2d d0 47 08 38 f5 88 86 ee 74 90 34 05 e6 f0 fe 13 e6 39 bc d0 66 1e 0b fb 47 4f da 4f e1 25 98 6b d9 57 b3 90 2d 7d a7 7f 34 e5 af 2d b6 ae f4 68 6e 39 ec a6 6f c2 a8 f8 c7 27 e7 c8 74 1a dd 29 8c 0a 51 17 d8 2a c4 a8 07 7f 1d ac 9a b6
Data Ascii: -G8t49fGOO%kW-}4-hn9o't)Q*Gt0H1}P|:\4~<sE;uck+$'Fcq<N7o3// /$+p^61Ywb|VLx*eAh:f2PBm.P
22
Nov 22, 2017 13:36:30.356780052 MEZ804919494.46.14.103192.168.1.16Data Raw: de 7d 05 bf fc 1f 32 e2 98 4c 43 b6 a8 1c 9d 34 bb 67 e7 67 55 48 f7 59 e5 a8 71 d1 ea 75 4f aa d5 24 97 93 46 2d b5 37 49 b9 34 37 75 a7 65 76 73 c6 87 db 9d 1d ab 90 39 6b c4 b3 ed 54 6a a9 e7 b9 41 e4 46 99 ac 3c 99 fe 26 fc 75 5b 20 00 8d 5e
Data Ascii: }2LC4ggUHYquO$F-7I47uevs9kTjAF<&u[ ^{}\e7x[pQXRH~\+NbuZM%4sIxIz76g;Hv@=p;=Gju({4VHYH.Vn1
22
Nov 22, 2017 13:36:30.397542953 MEZ804919494.46.14.103192.168.1.16Data Raw: 43 c1 cd 5c 1a 50 84 54 42 96 12 6c f2 ad ea 84 15 8d c1 07 86 71 d4 3e 10 c6 d3 f3 f1 f3 ed 75 b4 07 d4 f8 81 8a 98 a0 8a 7f cc e6 e5 9d c2 55 68 11 7e 28 d1 73 4b 52 02 52 ed 53 3b 1e 4f ac 90 2b bf 05 1c 0d 71 9b e3 78 5f 3d 32 76 6f 03 6b 6f
Data Ascii: C\PTBlq>uUh~(sKRRS;O+qx_=2voko,){eYyV)v.-mW5WQBor#1],krq,SuJq5;B6pS|XTQkZs+UX6vig&1]!"lE`3^}N>-oC\Z
24
Nov 22, 2017 13:36:30.397566080 MEZ804919494.46.14.103192.168.1.16Data Raw: cf f6 04 29 ff 98 de 40 aa 7d 93 0a 33 ea 04 97 67 28 2e 12 69 ac 57 44 92 3f 67 c4 1b 0b b6 45 bb a4 c8 75 32 55 c9 d8 87 a2 5f 2c 30 90 ca 00 9b 85 52 97 c1 0c 30 2e c7 f2 9e dc df 90 79 00 ed 9d b5 02 eb c0 b9 c8 65 bd 8e 1e 40 05 09 8c b1 aa
Data Ascii: )@}3g(.iWD?gEu2U_,0R0.ye@I/pZ'd-SDCD+w+L@~Pd'H[^).mW$0A;2BKpnp<DY*u@].BVMzO&qjlHuc0Jj^1w=-n
25
Nov 22, 2017 13:36:30.410121918 MEZ4919480192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/jquery.css HTTP/1.1
Accept: text/css, */*
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
25
Nov 22, 2017 13:36:30.411695004 MEZ4919580192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/thickbox-3.css HTTP/1.1
Accept: text/css, */*
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
26
Nov 22, 2017 13:36:30.416970968 MEZ4919680192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/main-1.css HTTP/1.1
Accept: text/css, */*
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
27
Nov 22, 2017 13:36:30.417454004 MEZ4919780192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
27
Nov 22, 2017 13:36:30.424669981 MEZ4919880192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/main-1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
28
Nov 22, 2017 13:36:30.437521935 MEZ4919980192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/tooltip-5.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
28
Nov 22, 2017 13:36:30.595055103 MEZ804919494.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 32 62 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 55 d9 6e db 30 10 7c 4e 80 fc 03 11 23 40 5b 84 8e 94 c4 81 2b 03 45 9e fa 1f 94 b8 92 d8 d0 a4 40 d2 76 0e f4 df bb 3a 28 53 47 62 a3 b2 1f e4 f1 72 76 b8 3b e4 3e 6f 81 0b 46 2a a3 ff 40 e6 84 56 b7 c4 66 06 40 91 8f ab 4b 82 cf d2 b1 d4 d2 52 70 f0 48 fd 70 61 2b c9 de 12 a2 b4 82 4d 8b ff bd ba c4 ef b3 27 14 ca 0d 39 14 db 9f 47 31 09 97 c2 3a 6a dd 9b 84 41 f4 96 99 42 a8 84 44 dd ef 8a 71 2e 54 81 40 f3 79 ac 5e 37 43 be 84 e5 0e 8c 67 ed 05 a4 52 67 2f 1d 47 26 81 19 84 b4 2b 3d a2 95 03 e5 12 72 4d ae 47 7c 28 cc 93 e5 52 33 8c 91 90 bb b1 ba e6 13 37 62 1a 5c 28 7a 10 dc 95 09 59 4f 25 12 76 1b 94 8b 11 5b 31 f5 a5 e0 60 d3 f1 aa 4f 92 b2 ec a5 30 7a a7 78 42 76 46 7e bb 13 5b 56 80 bd 43 e6 65 a5 8a ef 58 46 6a a0 02 e6 26 f9 7d b6 4a 5b 51 1b 22 21 06 24 73 62 ef cb ee 74 95 90 fb 3e d5 3b 15 8a c3 2b 42 43 45 b4 ae c5 b1 39 99 96 1a 0b bb f8 19 a7 4f 3c ed c0 1c 6b 4b ad 78 c7 be c6 47 c6 06 3d 80 28 4a 57 77 42 f2 8d b7 81 02 5a 76 f8 fd d2 e7 73 f0 ea 28 93 a2 40 a9 19 76 0a 4c f8 07 87 4c 1b d6 6e 24 f0 ce a1 14 0e 28 56 37 6b 3c 75 30 ac da 20 3c 2a 46 fb 66 41 e2 d9 00 7e ac 8d df 4c 14 45 e3 fa 8d 97 0c da 99 94 7a 0f 66 08 e5 3a db d9 21 c4 b2 ba dc 3e d9 b1 97 f4 d8 93 38 8a 6e 08 8d 57 51 5f 35 bd 73 75 81 da 8a 7f 6e a9 f6 0d ad c4 52 59 eb 9b 4a 9a 44 4c 14 4e 22 ce 17 1c 45 33 96 1f b8 bc 3b 1b 4f 8f 73 27 26 40 bd 11 e2 f5 20 70 06 f6 86 6c 8c db 12 5c 78 0c 0f ba d3 db 24 38 9f fe 1f d3 f2 f4 7a 7f fc 3a a1 98 ed 9c 1e 69 eb a0 af 3d 15 52 9d 23 f5 61 5a c1 59 ce 19 e7 cd e0 4d 73 67 f0 ae a5 a1 b8 d9 be 46 84 76 26 bc 68 4f c5 22 ca 58 0c 0f f3 4d 3e ed c4 d3 61 f3 8a 3f f3 e4 19 1b 38 79 86 13 3c 58 2f d3 64 41 c0 5e 20 1d f0 2f 05 cd 93 04 01 1d 49 7f c9 ec 8c ad 6f 99 fa 1a 9b 54 f3 bf 6e 12 cf 58 69 d1 5d 93 33 db ee 05 75 8b 34 de 91 c2 e1 d4 59 3e 86 0b ea b1 c8 f0 be e9 c7 69 aa 0d 07 d3 3a 17 4f 13 b1 5a 0a 4e 16 bf 9b 67 3c ac 62 d8 92 f5 ec b4 5a e4 79 1e e6 c1 b9 5a 2f 21 b8 e0 63 44 d2 4e d6 fb e8 e4 d4 eb 38 96 85 c8 83 c9 87 6b 57 d1 4d 9d eb 1f 22 88 1d 18 05 09 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2b5Un0|N#@[+E@v:(SGbrv;>oF*@Vf@KRpHpa+M'9G1:jABDq.T@y^7CgRg/G&+=rMG|(R37b\(zYO%v[1`O0zxBvF~[VCeXFj&}J[Q"!$sbt>;+BCE9O<kKxG=(JWwBZvs(@vLLn$(V7k<u0 <*FfA~LEzf:!>8nWQ_5sunRYJDLN"E3;Os'&@ pl\x$8z:i=R#aZYMsgFv&hO"XM>a?8y<X/dA^ /IoTnXi]3u4Y>i:OZNg<bZyZ/!cDN8kWM"0
30
Nov 22, 2017 13:36:30.617728949 MEZ4919480192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
31
Nov 22, 2017 13:36:30.714828014 MEZ804919594.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 33 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d5 55 df 8f d3 38 10 7e 3f 89 ff c1 52 05 b4 07 69 d3 ee 76 81 44 dc 89 45 0b 8b 74 3c dd 4a f7 88 5c 7b 92 f8 d6 b1 23 db fd b1 84 fb df cf 76 9c 26 69 c3 c2 2b a9 d4 b8 9d 99 6f ec cf 33 df 4c ee ae bf ec 99 a0 72 5f 67 52 98 64 b9 aa 0e e8 9d 62 98 bf 44 b7 c0 77 60 18 c1 2f 91 c6 42 47 1a 14 cb 52 22 b9 54 c9 e4 c2 3f e9 7f 4f 7e 9b 58 08 0d 44 0a fa 17 13 10 60 e2 9f 84 b9 f2 4f 0b d3 ec 04 e1 84 33 71 5f 3f ee b2 63 9a 19 a0 3f f0 2a e4 0e 54 eb 13 c7 f1 99 03 26 86 ed e0 07 28 99 24 5b 3d ee e3 f0 39 7e a8 2b 69 b7 c3 a4 48 32 76 00 9a 7e 8d 6c 2c 1c 2c 11 71 6a 64 95 58 3e 52 0e 99 f1 8b 02 58 5e 38 92 e2 a7 e9 9e 51 53 34 4b 8b 38 ef 10 3f 63 f2 e1 c3 f5 c7 5b 4c ee eb 8d fd ca 95 dc 0a 9a 6c 15 9f 16 c6 54 c9 62 b1 df ef e7 54 69 83 2d b9 73 a9 f2 c5 8e c1 9e 4a a2 a5 b0 fc c1 82 95 38 07 bd 28 3d 50 ee 80 e6 95 c8 67 0a 2a c0 e6 24 db f5 c7 5e 92 a8 c7 57 c6 b8 01 95 60 5e 15 78 2a 2b 4c 98 79 78 bb 8e 67 69 54 ca af 51 f8 23 89 e7 eb 38 1d fc b0 f0 bf a3 c2 94 1c 8d b2 84 37 5a f2 ad 81 96 0b 38 54 0a b4 b6 a6 a9 3d c1 b6 04 61 e6 1b 49 1f e6 9a 28 c9 f9 ad f7 42 7f a0 a1 51 66 99 06 13 8c 7f a2 ef 47 26 8f c4 bd 40 cf ab c3 f3 d9 f0 d2 4f ef b3 77 03 93 cc 3f bd 2b 5e a5 1d 61 8e 33 ca 74 65 4f 9b 08 29 20 dd 48 45 2d 81 97 b6 21 ec 91 19 45 93 f5 ca 7d 52 03 07 13 61 ce 72 91 b8 ca b0 8e c6 c8 d2 c2 3d 6d 2a 65 dd 94 44 8f c5 d3 ad 1d 49 2c b1 ca 99 88 5c a1 f5 88 8c 51 84 2a ac 34 7c 12 66 6a 0a a6 07 e7 5e ac 66 2f a6 77 d7 ff 78 cc cf 1e 00 bd ed 28 6c 17 37 1c dc 0b 3d 7b f6 5d 5b 60 fa 4e 56 e8 db b7 d1 4b b0 a6 d9 28 cd 88 95 b9 fb f5 c9 95 6a dd f2 b6 e1 92 dc 87 43 25 cb b5 65 2e b6 1f b7 08 6c 46 aa 69 a0 8e 53 42 48 6b 6b 79 1c 35 3a 8a 7a 16 d7 c8 c1 e2 39 3f 31 85 bd 12 5c 39 be eb 50 ab ab 75 d7 c3 7e 5d 61 4a 99 c8 93 57 36 fa c2 29 9f 97 3f 6f ca b8 c4 a6 b9 df 16 8c 4b 0d 0d eb f5 18 c8 72 19 62 1b 94 38 40 f8 13 0f 30 de fd 8b 0f 01 a7 8d ed a2 6c 5c 28 8a 8e 8e 7e c5 35 70 47 68 53 b4 d0 f8 88 7a c7 0c b7 72 de 1d a0 9f c5 26 08 b9 46 f2 04 28 e3 01 ce 65 e5 fd d5 cd f2 e6 ea c8 e0 65 17 e1 92 bf b7 f3 c3 96 4f 4d 38 60 95 58 d4 e2 98 d8 cd 26 5f 0e c7 af d4 09 8b dd e2 3e c1 5b 23 cf 5a ca c9 60 d4 aa ed fc 12 ca 91 44 4e 04 4b 49 31 3f b2 e8 81 cf 1d 51 35 e0 d9 9d 3f bc 5b 67 4b 15 3d 15 8e 81 16 b4 5b b9 b0 31 8d f0 af e2 d7 76 dd 49 c9 85 9f 16 eb be 06 84 3e 88 ae 42 1f 44 cb 38 50 d6 93 86 61 ea 5f 59 18 6e 19 85 bf 81 03 31 75 4b cb 9b 37 e9 09 ab 7e a4 86 81 9a 9e 57 98 93 e7 a0 bb 9e f7 d1 21 76 36 c3 ba 01 f6 c8 84 ee 71 de db e9 2f 30 d7 58 a6 70 09 23 dd d5 27 6a d8 cb d1 b2 6b ef 20 9c e9 97 d1 76 ff 1f 76 46 1d 94 47 0a 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 373U8~?RivDEt<J\{#v&i+o3Lr_gRdbDw`/BGR"T?O~XD`O3q_?c?*T&($[=9~+iH2v~l,,qjdX>RX^8QS4K8?c[LlTbTi-sJ8(=Pg*$^W`^x*+LyxgiTQ#87Z8T=aI(BQfG&@Ow?+^a3teO) HE-!E}Rar=m*eDI,\Q*4|fj^f/wx(l7={][`NVK(jC%e.lFiSBHkky5:z9?1\9Pu~]aJW6)?oKrb8@0l\(~5pGhSzr&F(eeOM8`X&_>[#Z`DNKI1?Q5?[gK=[1vI>BD8Pa_Yn1uK7~W!v6q/0Xp#'jk vvFG0
32
Nov 22, 2017 13:36:30.808300018 MEZ804919694.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 34 64 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 57 5d 4f e3 38 14 7d 0e 12 ff c1 12 5a 69 87 25 90 a4 4d a1 e9 53 4b 0b 54 53 08 ea 74 76 77 f6 65 e4 24 6e eb 21 8d a3 c4 05 66 2b fe fb 5e 3b 76 9a b4 a5 cc 8e 76 46 1b 04 52 9c 7b af cf b9 1f c7 06 af 0e 0f 42 16 b3 cc 43 47 61 8b d8 a4 d5 39 3c e0 e4 99 9b 11 09 59 86 39 65 89 87 12 96 10 58 7f 39 3c 38 8d 69 f2 90 af 94 0d 8e e9 0c 3e 87 24 e1 24 03 83 14 47 11 4d 66 66 c0 38 67 0b 0f b9 e9 73 e1 76 8c e6 7c 11 a3 c2 1b ad 16 38 9b d1 c4 e4 2c f5 90 2d 8c 5e 90 0e 8d f0 09 c2 e5 2e 86 c6 d6 b6 7b ad 7e 0f 82 19 fb c0 45 2c 5c 2e 00 cc 88 e6 1c 55 dd dd 76 db ea b6 df 72 57 00 bc 39 7b 24 59 09 63 fd 5a 0d 5f ac ae 00 37 82 47 ef 63 5d 76 ed 41 43 84 13 84 72 92 62 d8 86 65 12 cb a5 3f f2 c7 82 8a 7c 04 16 9d ae 98 4c b9 77 2e 73 55 ae 65 74 36 d7 8b 80 2d 85 08 45 d6 3c 64 ad 33 ad 53 0c 40 89 39 27 d2 07 d9 a7 2e 59 74 ea 25 fa b2 cc 39 9d 7e 2d 82 1d 3d 65 38 4d 01 fd e1 c1 13 8d f8 1c a2 58 96 8c 73 06 85 d2 51 e4 12 3a 3e ab 6c 8c f0 92 33 95 ac 80 3d 83 7f 80 c3 87 59 c6 96 49 e4 2d b3 f8 d7 33 ba c0 33 92 9f 05 b3 d3 2f e9 ec 1d 12 cc 10 94 19 65 24 25 98 9b cf db d0 55 ac 39 8b 23 89 28 8c 09 86 54 42 0b cd ab c6 76 fa 8c 1c f5 6b 4b c7 ca d6 90 f8 c0 8d 02 ab 08 d7 f3 fb 9f 64 c6 ef bb fd fe f0 ee da 1c 0f af 6f 26 00 5f f0 d1 6b a3 c1 d5 e6 52 cf 9f 4c fc 5b b5 78 db 1d 5f 0f ef 36 2c 26 fe bd 5a b9 f2 ef 26 e6 55 f7 76 38 fa e4 a1 df 49 16 e1 04 9f e4 38 c9 cd 9c 64 74 da 91 df 3f 0c ff 1a 78 b6 ad 69 1e 2d 30 4d d0 ca 30 00 9a 51 c4 2f 22 9a 8e 23 83 16 98 5c eb 17 bd bd 42 69 36 5c f9 fd 8f 61 7f 72 e3 a1 f3 a2 32 f7 fe 87 e1 64 e8 03 46 1c e4 2c 5e 72 d2 41 32 5c d3 85 00 37 83 82 74 53 18 ab f6 66 33 26 f3 32 19 fc 39 31 bb a3 e1 f5 5d 65 76 85 45 0e 26 38 79 d5 a4 06 ba 55 ef 57 3d f2 cd 62 79 cd 1f 39 b2 19 cb f6 b7 42 6c 93 46 c7 28 76 9c b2 6c 21 31 bd ca dd 39 af 72 77 9b 1b dc 33 12 c3 20 3f 0a ee af b1 a2 49 ba e4 9f a7 94 c4 91 dc aa e7 8f fb 03 01 25 90 8f 6c 2d 48 20 8d ca 42 7b a8 51 16 b9 20 61 cb 85 5e f7 f2 fd f5 d8 ff 78 d7 07 ef a9 7c ca ce 16 7d a1 7a 63 e4 77 27 4a 58 90 9e 1d d1 ec 46 65 22 c5 64 28 7c 63 82 23 1c c4 e4 8a c6 a4 26 7a 42 b5 70 5b 59 5d e2 54 08 d6 ce ef 46 6d fe 9d 62 96 8d e3 ba 2a a8 82 ed c4 70 94 93 98 84 5c 22 18 81 e8 ad de 30 fc 98 c5 7b cd 60 a2 41 29 12 27 a2 8f c2 26 a2 79 1a e3 af 1e 4d 24 a4 20 66 e1 83 c0 02 0a ca 69 88 63 e5 0f 42 51 6d 29 71 3c 94 02 88 75 c8 13 14 2c a1 d5 12 fd 8e b4 06 eb 4d cc 05 fb db d4 3b 31 a8 47 fd 73 0d 83 fa a6 8a 64 e9 77 ad 3a e5 c2 94 25 5c 4e 72 39 eb a8 32 ec 1b 87 c0 95 7c 04 13 e1 66 3e 15 05 08 40 e0 84 a5 f1 34 a7 9c 98 79 8a 43 e2 25 4c 48 b1 0e 50 49 a5 6a 60 f5 61 23 4f 0b 1a 45 31 29 b7 5d 66 39 ec 9b 32 5a 75 09 58 06 7a ba 66 50 51 cb a2 31 8b 33 aa 4c ab 3e e5 ea c9 dd 7d ca 95 04 6b 11 10 50 4a b6 aa 23 16 cb 12 a5 2c a7 f2 d4 5d 4f ad ca 6f cc 30 d7 fd 53 ab 00 12 3f a2 75 df 4a 85 b1 66 68 ca 53 c8 43 d5 13 29 4f 33 48 3b 9c 4c 3c 39 4d 93 d9 bb 4e dd a3 44 86 4c 5b 0c b2 e9 34 0a 25 db a6 b8 87 67 9d 6c 49 c1 15 ca 80 ac ff 12 a5 d3 96 20 cf db fb 40 be 85 b4 06 57 e9 84 bc 8e 6d 30 68 15 f8 51 d9 4c 55 61 51 f7 96 63 6d ec 48 e3 a6 f8 2b 09 d7 54 48 47 ff f6 34 7c 5e d0 78 7f 2a 64 b9 6c 5d 2d 54 5e 36 0b da a0 0f c5 1d c7 86 93 45 34 33 b4 da 93 f7 48 73 0a 8a 2b ef 9d c7 de 94 66 39 37 c3 39 8d a3 df ea ae db 0e eb 44 6f 24 f6 27 ea 50 eb db 74 28 88 22 32 6d fe ff 75 c8 d8 de af de d2 3b b5 e9 5f 48 d3 ae 39 f8 1e 61 32 ea aa e4 b8 3f 5f 96
Data Ascii: 4d9W]O8}Zi%MSKTStvwe$n!f+^;vvFR{BCGa9<Y9eX9<8i>$$GMff8gsv|8,-^.{~E,\.UvrW9{$YcZ_7Gc]vACrbe?|Lw.sUet6-E<d3S@9'.Yt%9~-=e8MXsQ:>l3=YI-33/e$%U9#(TBvkKdo&_kRL[x_6,&Z&Uv8I8dt?xi-0M0Q/"#\Bi6\ar2dF,^rA2\7tSf3&291]evE&8yUW=by9BlF(vl!19rw3 ?I%l-H B{Q a^x|}zcw'JXFe"d(|c#&zBp[Y]TFmb*p\"0{`A)'&yM$ ficBQm)q<u,M;1Gsdw:%\Nr92|f>@4yC%LHPIj`a#OE1)]f92ZuXzfPQ13L>}kPJ#,]Oo0S?uJfhSC)O3H;L<9MNDL[4%glI @Wm0hQLUaQcmH+THG4|^x*dl]-T^6E43Hs+f979Do$'Pt("2mu;_H9a2?_
34
Nov 22, 2017 13:36:30.808340073 MEZ804919694.46.14.103192.168.1.16Data Raw: 1a ea 70 df a2 f7 3a c7 57 44 c9 f9 01 aa 64 3b e7 12 e4 c5 3e 90 6f 20 dd 25 4a c5 a5 af ce 40 e6 e3 55 55 b2 2f 7e 90 d0 b8 6e 49 ad a6 33 df 2f 33 bb 55 06 6e c6 0c 26 41 5e 58 ab d7 6e 6b e3 62 6a 9d 5e c0 fd 7a d7 e5 77 eb ff cd 97 7f 00 ce
Data Ascii: p:WDd;>o %J@UU/~nI3/3Un&A^Xnkbj^zw0
34
Nov 22, 2017 13:36:30.838586092 MEZ4919680192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/logo.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
34
Nov 22, 2017 13:36:30.859172106 MEZ4919580192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/yahoo.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
35
Nov 22, 2017 13:36:30.912377119 MEZ804919794.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 33 64 39 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bd 7d 69 77 d3 ca b2 e8 f7 fc 8a 58 87 93 23 6d 77 14 3b 13 60 47 78 25 21 40 80 40 20 81 40 8c 37 ab d5 6a 3b c6 63 2c 39 03 c4 f7 b7 bf aa ea 41 2d db b0 cf 7b 77 ad b7 d9 b1 5a 55 3d 0f d5 d5 55 d5 25 bf 3d 1d 8a ac 3b 1a fa c1 af 1b 3e 59 e5 3c 92 43 31 4a e4 a7 8f c7 87 a3 c1 78 34 94 c3 8c c5 3c 3a 1e b6 bb c3 6e 76 cf 04 8f 52 99 9d 77 07 72 34 cd 58 c2 a3 6e fa 8e bf 63 83 e8 84 67 57 4c f2 28 91 f3 e9 eb a6 90 d5 63 e9 73 16 07 bf 26 32 9b 4e 86 ab 3c 1c 0d fb 23 9e 44 f1 cc 46 79 bd 18 45 4e 26 a3 89 1b e7 8a cf c5 19 f2 81 84 08 2b d8 84 61 e4 8d a7 e9 95 c7 ba 3c f2 32 99 66 1e fb 01 a1 b4 df 15 d2 63 e3 c8 9b c8 71 9f 63 b8 07 60 2c de 63 7d 08 b5 fb a3 d1 c4 63 03 08 8a 2b 3e d9 87 74 43 08 df f0 fe 14 e2 5e 47 5e 77 98 c8 bb f7 6d 8f 8d 00 3c e0 99 80 32 c6 10 1c 8f 26 10 f7 1a d3 4d 24 cf e4 51 5f 0e a0 d5 1e 9b 20 12 7a 05 42 91 87 55 f4 58 27 f2 3a aa f7 3c 36 8d bc ab 11 56 ef 06 ea 39 3a cb 26 dd 61 c7 63 b7 50 27 39 ec 60 aa 3b 48 3e 19 65 a3 ec 7e 0c d1 53 2c a0 df 85 9c 2f ba 09 a2 ef a1 51 e3 7e 17 32 c8 b0 7d d9 68 7c 3a 19 8d 79 87 63 1f 41 f6 08 14 23 4c fa 13 db 29 34 fc 06 e1 92 4f b0 fa fb ba 04 31 ea 43 c9 b6 80 57 b2 db b9 82 7c ef 00 72 35 91 d0 e4 03 48 33 8d 53 5d c7 7b 80 f3 f1 b8 7f 0f 59 73 6c da 4d 17 4a c5 de 3b 8c bc 1f a3 2e 94 f2 1c db f4 76 74 2b 27 87 3c 85 2a 1c e5 93 60 5f 8f 5e 7a db 85 3e f4 21 24 20 ca 6a a5 a6 86 d3 f3 ca bc 4e 90 aa 86 ac 56 ff d2 90 4d 0d 29 95 34 60 cb 46 39 da fa 8b cf cc 84 c8 a7 ca 01 14 66 26 8a 67 a0 5e 14 61 9f 8e da 6e cc 43 27 e6 ea cd a8 9b ac 56 4a 11 5f 5b 5b af ee f9 3c 14 a3 21 b4 7e 2a a0 95 65 cf 0b 9a d7 2d df d3 43 16 e4 79 bc 28 cc 4b 95 49 14 f1 87 07 6f 1d ca 84 cc 4a 31 84 31 98 a7 79 4e e5 76 db 7e 89 6b 5c 60 3a a2 de 1e 4d fc ba aa 83 b7 fa 6d f8 6d f2 2d f3 b0 68 de 1c f0 96 5f 09 82 7a c0 23 de 3c 68 f9 d5 e0 1f 22 f3 e6 6d 6b bd ea a4 a8 30 0d aa 2f f6 da 11 f7 6d 2b 06 e1 64 34 1d 26 fe 66 75 fb f1 f6 93 ad dd ed c7 7f 01 88 0f 93 d1 c0 0f dc b6 63 9a d9 8a 7d 7f a9 fa 02 1a c6 f9 6a 17 7a 8f 0f 05 76 f9 0b 1d 41 b7 72 35 6e 58 8a 03 1d 51 e3 d8 1d f5 57 fe ee 13 5b 31 99 0a 3e 06 b2 e0 14 86 51 7f 61 43 ee 61 1c ca 30 1e 87 f0 5c f5 82 3a 14 27 97 17 97 4d ee 4d 93 24 96 31 13 5c 4f bf 57 7e f5 71 30 93 7d 98 4f 85 72 a7 c3 bc 64 a4 2c 2f 79 64 c9 25 b4 8d 09 96 40 25 42 9e 24 47 37 b0 6a de 76 d3 4c 02 b1 6a 2c 82 7c 8c 5c 2a 25 d0 bc 90 67 19 17 57 84 5e 5b 2b bc fa 1e 4c cd 32 44 0d 66 ec d5 f2 b2 26 72 30 ba 91 f3 c5 2d 81 ba 25 26 b2 50 a2 f3 ea 94 58 cf 47 ee 98 e7 43 a7 b6 05 11 bd 6e 5e c3 24 02 82 32 e9 8e 33 e8 67 11 e2 0a 42 02 7b 97 6d fc e0 37 5c 63 00 c1 d3 fb a1 88 4a 15 08 a6 13 11 c1 4a 0d bb 40 e2 eb 98 51 12 bd 0e 81 00 6a 12 99 1e dc 9f f3 ce 3b a0 8c 79 ce cd 4a ab 9e 84 63 3e 01 fc 3b 98 16 21 8c a5 9c 64 07 12 a6 b7 f4 b1 1b cc f0 88 59 3e 1f de 38 6b 17 96 40 65 0f e7 76 83 43 66 35 cf cb a3 bd 35 0d 8a 23 de c0 28 b5 8a c9 ad b2 17 03 24 5e af 52 0a 8c f3 da 19 82 e0 57 76 d5 4d c3 31 10 c3 2e 90 e5 0e 0f bd 3a 41 3e 46 bf 66 b3 fa 6b de bc 6b 85 b0 2f 16 06 4d 27 fa d8 74 d2 96 79 0b 36 2a 9d a0 53 48 60 1b b0 34 95 49 03 84 28 e3 d0 27 cb 12 1a aa 15 51 52 c8 1d 67 6e 4e 78 df 10 a5 41 82 44 e4 eb f6 f6 36 f4 82 b5 35 5f 13 84 ed 20 27 05 cd e7 2d df 59 6e 6f f5 8c a0 b9 c0 92 e8 d7 74 d2 af 71 66 f6 8e 9a 77 95 65 63 8f e1 76 06 bd c7 70 d3 c3 67 52 1b ca 5b e8 47 06 6b f1 6a 34 c1 8e ad 13 a1
Data Ascii: 3d99}iwX#mw;`Gx%!@@ @7j;c,9A-{wZU=U%=;>Y<C1Jx4<:nvRwr4XncgWL(cs&2N<#DFyEN&+a<2fcqc`,c}c+>tC^G^wm<2&M$Q_ zBUX':<6V9:&acP'9`;H>e~S,/Q~2}h|:ycA#L)4O1CW|r5H3S]{YslMJ;.vt+'<*`_^z>!$ jNVM)4`F9f&g^anC'VJ_[[<!~*e-Cy(KIoJ11yNv~k\`:Mmm-h_z#<h"mk0/m+d4&fuc}jzvAr5nXQW[1>QaCa0\:'MM$1\OW~q0}Ord,/yd%@%B$G7jvLj,|\*%gW^[+L2Df&r0-%&PXGCn^$23gB{m7\cJJ@Qj;yJc>;!dY>8k@evCf55#($^RWvM1.:A>Ffkk/M'ty6*SH`4I('QRgnNxAD65_ '-YnotqfwecvpgR[Gkj4
36
Nov 22, 2017 13:36:30.912415981 MEZ804919794.46.14.103192.168.1.16Data Raw: 33 6b 3f a9 0b 5d 99 da c6 06 cc aa ca 5e 24 a0 42 30 fe 3a 67 43 aa 44 c0 74 2d 45 79 0b ea 89 c9 6e 70 42 6e 3c 7c fb d6 78 f8 97 5a f9 98 3c 48 42 ac 46 9e 90 9a 62 53 07 75 5a e7 a6 7c 13 97 e2 e4 b5 f9 97 5b 17 55 79 53 7a d5 e6 85 99 07 36
Data Ascii: 3k?]^$B0:gCDt-EynpBn<|xZ<HBFbSuZ|[UySz6I#OCs)Lkkk`powMRZ[XS}D>a"L@tFM]@~K!5ADIEv^`XvB&lnfX3fZ56 :?[;"!#?)?
38
Nov 22, 2017 13:36:30.912430048 MEZ804919794.46.14.103192.168.1.16Data Raw: 02 6a bb 58 4b 5d 91 31 54 e4 71 8e 19 8d 7a 5d a9 06 f3 94 3d 75 86 e8 84 df 1d 4e d3 6c 34 f8 cc 27 5d 1e f7 25 90 81 fb 98 b9 83 f3 19 17 d6 68 a2 f2 d0 12 67 0f 36 7b b6 f9 c4 89 75 26 d3 14 d6 f3 5c
Data Ascii: jXK]1Tqz]=uNl4']%hg6{u&\
38
Nov 22, 2017 13:36:31.091490030 MEZ804919794.46.14.103192.168.1.16Data Raw: ac 04 62 ed 2e 19 9e b9 68 12 a2 3d 75 a2 7d 94 6d e0 b9 e4 e4 3d 4c 85 49 17 a7 c2 6b 68 69 de b1 67 5d 98 28 63 29 13 77 2a 3c 07 4a b3 b5 a9 08 50 86 c3 7f 0a bb f4 4d 57 de 7a 0c 29 4b f8 82 b3 aa 83 25 c9 8b 41 b1 ed b9 74 6f 47 3c 51 f2 61
Data Ascii: b.h=u}m=LIkhig](c)w*<JPMWz)K%AtoG<QapYD5%b`S<lD!S9LgFi5,1(]o[5wb(&EEp7=*ib4z{( 4#OItN)-m-%I\#YL4+>|&XN
39
Nov 22, 2017 13:36:31.091528893 MEZ804919794.46.14.103192.168.1.16Data Raw: fc 96 90 7f 50 74 bc 43 39 c3 46 ae c3 17 31 52 0a 15 be 8c 51 f7 c6 61 c5 41 be d6 7e a4 89 80 f7 f0 ce 0c 35 20 75 ca 3a b0 60 64 ff c2 12 f5 90 ea d1 6e 91 9a 01 7a 73 c6 92 62 75 e6 f3 c3 80 10 ac a2 42 1f 0d 28 41 90 93 8b fc 6f 46 51 8d c7
Data Ascii: PtC9F1RQaA~5 u:`dnzsbuB(AoFQJa(K8MP&z(aQ+A%btGl[@s:fYYICd)y6G9fvj]~F6+l[uqQlIP.{RO2}5>V(GWNC+0,
41
Nov 22, 2017 13:36:31.091546059 MEZ804919794.46.14.103192.168.1.16Data Raw: 8d 08 b0 80 bd f2 77 9f 06 64 da 49 0c 5c 5c f6 ea ab 64 7e 0a 9c 3e 86 bd 7a 1b 0d 20 e1 70 20 ef c6 d0 94 14 10 3e 52 84 e7 3c 93 be 0d 05 cd 0e 10 24 e0 ff 82 30 1b bd 3c 39 57 d7 26 00 82 59 c0 ce a2 f3 50 72 76 c8 22 29 d3 08 9b 21 8f b8 96
Data Ascii: wdI\\d~>z p >R<$0<9W&YPrv")!^'l4$:OD!HMWtO>%Grqnil;S8'[VjBJ4?]Z@$=.`q|]x}xP)2fA'@{FEIA=pxhLq
41
Nov 22, 2017 13:36:31.118693113 MEZ804919794.46.14.103192.168.1.16Data Raw: 94 84 89 54 57 43 a0 f3 88 fa cf 45 c4 53 28 9e 31 50 82 fd 2b 89 12 12 44 24 b4 54 94 42 61 1f fa fd 86 f4 cf 52 64 3e e2 1f 93 bd b2 08 5f 92 1e 92 8c 4f 7c ef 91 9e 4a 9e 61 fb 80 c8 cf b0 47 64 f0 a7 bc 76 29 2f ef e2 f8 dd ea 2e 03 ba 59 65
Data Ascii: TWCES(1P+D$TBaRd>_O|JaGdv)/.YeBH#/JF?Li=+9+-/Cp>pHf&'e!Hy)Nru}`h#Et|CIwy^Z/EQDz_~3y
42
Nov 22, 2017 13:36:31.125693083 MEZ804919794.46.14.103192.168.1.16Data Raw: 32 35 32 87 22 cb 49 50 8f df c0 11 d1 c6 10 b8 97 87 af d5 7a 7a 0f 1d 59 23 c6 d8 d5 e8 e7 fc 71 7d e5 28 7c bf 70 ea a6 1d 26 0d e0 8f 3a e5 42 5f ba 22 f0 eb 40 8f 17 75 76 d8 43 4a 80 0f 4b c3 55 d5 61 ba 10 3f c2 c3 6e e3 a4 86 6f d7 fa ed
Data Ascii: 252"IPzzY#q}(|p&:B_"@uvCJKUa?novN!eWd',e\T1LO]4DPN@mmJTC%4kLjr"|G=#iNx+ pg6/3i_-E'b#eI
43
Nov 22, 2017 13:36:31.125708103 MEZ804919794.46.14.103192.168.1.16Data Raw: c6 63 33 2a 67 b1 d6 33 aa e5 8d 14 eb ef 0c 0b 59 cb 1d 0b 19 f4 b9 59 57 7a e9 c7 8e 7d 5b ec d8 b7 c5 8e 7d 5b d5 84 b9 70 0a 22 b3 31 6b af 55 30 d3 b2 89 5f 18 47 07 66 b6 55 9d 99 84 f6 95 ec f8 cf 0d b6 75 b3 e6 71 4e 1d 1d 23 30 1e 5e 72
Data Ascii: c3*g3YYWz}[}[p"1kU0_GfUuqN#0^rTtw5-dzmyjrj$Y9]O~u,F6wWQmt1lB{1J=eFn4PY-A:06IxWoN~n2&!
45
Nov 22, 2017 13:36:31.125715017 MEZ804919794.46.14.103192.168.1.16Data Raw: 21 ef 42 94 1a 57 6a 92 a2 db bb 39 43 ee 1a 6c 47 9f 70 5f 84 68 9f 13 1b cf 08 74 20 22 60 cd ad ce 62 e9 5f 91 d4 59 a5 57 43 33 49 27 74 dc 61 d0 de 4d 6b 36 7d a2 0f 58 5f e7 a7 b1 52 d9 d1 30 c7 73 3b b1 de b3 72 36 11 69 b2 2f 34 65 ca c5
Data Ascii: !BWj9ClGp_ht "`b_YWC3I'taMk6}X_R0s;r6i/4e@(%`08h,<pQ=y.WK1)r(UWNq"uP6<J?J|Pv)}}`x<M/Fz$aHEM19G59$I\1+|],mSi,
46
Nov 22, 2017 13:36:31.132934093 MEZ804919794.46.14.103192.168.1.16Data Raw: de ff 1e 25 18 e4 77 df 23 09 81 f4 aa 3b 1e 77 87 9d ef 51 1b de 44 37 bb ff 1e 1d 10 22 e3 99 fc 1e f5 10 8a de bf 26 80 48 31 f7 4c 0e d2 ef 91 09 d0 dd 5b e3 9d 78 c6 3a bf 6d 05 6e 8c ba f6 0f 0f 6d 0a a0 40 b8 42 ff 3c 4f fd af 44 84 3d 64
Data Ascii: %w#;wQD7"&H1L[x:mnm@B<OD=dQt[*&L8T^T)z{(NeY.nR45a~zRL@4`/}LvFrYG]!zUpR'lcsFdh #AmQ-+e>+KxW^=9iA
46
Nov 22, 2017 13:36:31.193711996 MEZ804919894.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 34 30 30 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e4 bd 69 77 db b8 b2 28 fa bd 7f 85 cc dd 47 21 23 58 53 92 de bb 45 d3 ba b6 a3 59 b6 93 58 9e 22 2b fb d2 12 6d ab 23 4b 6e 49 8e 9d 16 75 7e fb ab 01 00 41 8a 4e 7a 9f 75 ef 5b 6f ad d7 83 45 82 18 0b 85 aa 42 55 a1 50 78 fd 4b e6 75 e6 8f 8f 8f c1 fc 7b a6 ed 7f f3 4f 86 f3 f1 c3 32 d3 1d 5f cf 7d 48 fa 56 ca bf c9 97 31 cf dd 72 f9 50 29 14 fe f8 13 b3 e6 87 b3 fb 02 a4 e2 87 83 d9 c3 f7 f9 f8 f6 6e 99 b1 87 4e a6 5c 2c fe 9e 69 cf ee a6 99 4f c1 62 7c 8b 19 de 3f fa 93 cc 64 3c 0c a6 8b 60 94 79 9c 8e 82 79 66 79 17 64 0e 5b bd 8c 3f 1d 65 1a 1f ba ea f3 22 6f 34 35 9a 0d 17 79 a3 bd 2e e7 91 cd be f7 97 41 85 9a db 2e 96 b7 4b bf 67 4a ff ac bc 79 5b 29 97 32 db c5 77 c5 62 c6 ee dd 3d 8a 0c a4 d7 83 6b ca e6 60 a9 4f c1 b7 f1 62 3c 9b 56 32 bf 95 df fe 06 29 85 5f ec 9b c7 e9 70 09 69 b6 b3 fa e6 cf 33 13 6f 79 37 5e 88 5b f1 dd 9b e4 19 32 e2 01 1e 7f 15 33 9d 80 af 9e 2e 57 13 75 67 35 0f 96 8f f3 69 66 1a 3c 65 66 f9 9b 69 7e 3c 1d 2f e9 cb 5a bc f7 0a 5f fa 5f 76 06 af ed 1d 3b 1f 5e 2d 9c dc ae d3 ff b2 3b 78 fd 6b f8 e5 1f 76 ff ea 69 7b 90 73 7e 2d 88 1b c8 97 ef 7f a9 fc e3 aa 7f 95 17 f0 b9 e0 62 55 de 2c ff 30 9f 2d 67 cb ef 0f 81 b7 c2 7a 2b 46 d3 4d 67 55 f3 6a 61 08 d0 7a bc 0f a6 4b 77 7c 63 d7 f2 d3 d9 28 e8 41 7e 67 85 83 e9 17 07 5e cd c5 a7 fc 24 98 de 2e ef bc 12 bf 0d 67 d3 65 f0 bc 84 8f b2 fb 98 ba 86 1a b0 ad d9 4d a6 e6 79 9e b5 58 ce c7 d3 5b 8b a1 d3 f0 de e7 83 e7 60 68 d7 1c 6c a9 91 cd da 8d 7e 69 10 86 5b 4d c7 59 61 0a bc 61 97 66 f9 e1 24 f0 a7 76 1f 13 06 d0 cd 75 30 59 04 54 47 cb 53 9d cd df 06 cb da 24 c0 c7 fd ef ad 11 14 7e 33 a0 7a 5b d9 6c 2b 3f 1e 6d 79 94 a2 80 3b b3 9d fc cd 78 3a 82 c6 d7 58 51 dd 9b d9 ad 30 ec 43 99 ba 1e 8b 06 44 3d bf 08 26 c1 70 39 9b 47 e3 ab af b9 1b ba c2 66 54 23 7f 81 c6 67 f9 f1 a2 ae 21 ec 18 cd ab ba 9d fc 3c f0 47 df a9 14 c1 5b b5 94 cd d6 54 47 18 f4 46 1f f4 63 02 f6 ea 69 6d cc 01 e4 5d ee cd e7 fe 77 ea 0c 3f d5 9c 6a ad 32 cb df fb 5f 03 95 00 c8 a5 2a ad 58 96 e0 c5 52 b1 68 d1 5a 62 31 fe 2b a8 18 d8 6d d6 cf 78 b0 16 30 01 06 36 e9 3c 38 f1 b7 55 6a 26 42 be fc 02 97 69 7e e8 4f 26 36 56 e2 54 08 b9 6a 83 b5 78 78 5c dc 9d 2c fd e1 d7 a8 b2 ba 68 8a 9a 42 9a 99 5d 77 dc 06 54 15 7c 3b be fe 03 3a 4c 8b 0c 52 14 14 4c 90 20 02 34 11 f3 70 66 00 ef 1a 11 10 63 20 cd d9 b1 d7 aa 95 b1 00 0a 4e ae a6 67 b2 f9 83 c2 56 de ca 35 73 96 6d e5 6a 39 cb b1 d6 0a fc 0d 84 29 03 3f 06 19 73 f9 14 dd 24 68 10 00 79 ff e1 61 f2 9d 3a 05 23 8f 2d 29 11 f8 c3 3b 13 36 11 a8 67 79 fc c6 a5 30 7d 2d 60 d4 c1 73 da ac 00 2e 4c e5 d4 23 a2 f1 74 57 6b b0 bc 2b 35 41 33 b2 16 fe 72 39 8f 4f 42 83 27 a1 e6 d5 dd 68 65 d7 63 2b 5b 02 fc 36 86 23 50 6d 36 3b eb 37 c2 d0 c2 4a ad 81 2d 53 91 a8 11 84 6b de 6a ed d6 fa f5 81 d7 5c c7 b0 97 46 a4 3b d1 72 56 37 b3 b9 5d cf 8c 01 b1 9c d5 2c 8f d5 d9 8d 2a cf c7 f2 fb 24 a8 c8 d1 13 a5 7b 90 10 84 7a 45 43 b4 a0 35 58 65 30 b2 e1 62 51 89 d3 5c e8 b6 0d 98 6a 3d 8d 47 cb 3b 2b 0c f1 f9 2e 40 5e 64 39 d9 ec 83 3f 5f 04 f5 c9 cc 5f 02 f2 ed 14 9d 55 dd bb 8d f5 92 ba 01 15 09 6b f8 38 3f 38 39 b1 a0 11 c4 3f 03 7c d4 86 02 d9 16 54 3f 23 ec b5 b2 59 78 9b 3e 4e 26 f1 55 15 dc 3f 2c bf 03 91 02 44 08 80 a8 d8 1a 8c f2 21 3f 7b 9a 06 f3 f7 92 8a 44 44 db c9 0f 81 a0 2c 83 1e b4 7e 04 a4 db c6 31 f3 a4 59 96 2b 31 a4 1e 86 04 18 63 45 1b b8 93 1f de 8d 27 23 2c 1c cb 81 dd c7 af 8a 21 6c 79 ff 02 ea 9c f3 12 89
Data Ascii: 400aiw(G!#XSEYX"+m#KnIu~ANzu[oEBUPxKu{O2_}HV1rP)nN\,iOb|?d<`yyfyd[?e"o45y.A.KgJy[)2wb=k`Ob<V2)_pi3oy7^[23.Wug5if<efi~</Z__v;^-;xkvi{s~-bU,0-gz+FMgUjazKw|c(A~g^$.geMyX[`hl~i[MYaaf$vu0YTGS$~3z[l+?my;x:XQ0CD=&p9GfT#g!<G[TGFcim]w?j2_*XRhZb1+mx06<8Uj&Bi~O&6VTjxx\,hB]wT|;:LRL 4pfc NgV5smj9)?s$hya:#-);6gy0}-`s.L#tWk+5A3r9OB'hec+[6#Pm6;7J-Skj\F;rV7],*${zEC5Xe0bQ\j=G;+.@^d9?__Uk8?89?|T?#Yx>N&U?,D!?{DD,~1Y+1cE'#,!ly
51
Nov 22, 2017 13:36:31.193727970 MEZ804919894.46.14.103192.168.1.16Data Raw: a5 aa 4e 38 f3 27 8f 41 85 78 18 02 c3 ee e3 97 01 4d 81 c6 e9 da 5a 3c cd fd 87 bd c9 24 86 a6 b2 31 18 28 a3 1c d2 67 46 cc 8d b1 c3 88 27 b3 69 60 13 b5 57 39 60 c6 e0 13 8e 01 26 0b 70 7d 11 cc 97 fb 01 e0 4e a0 eb 5d d7 81 00 3e 24 79 76 83
Data Ascii: N8'AxMZ<$1(gF'i`W9`&p}N]>$yv @gG\ObE0\Sr8 <*Up_"?? c RG$]D9-9kkQ4;f7Ksr:_OR?n(pf
53
Nov 22, 2017 13:36:31.193736076 MEZ804919894.46.14.103192.168.1.16Data Raw: 7b fe 2d 7d b7 96 d7 b3 d1 77 0b c5 e9 30 3c 8a 09 f5 47 3f de 07 c8 82 8e 53 39 82 a5 ec 6a 13 80 a1 ba c7 b4 a8 f7 7f 69 15 56 3d bf 98 0f 49 2d f6 87 ff 6c af 1e e7 93 0a 25 09 7f f1 7d 3a ac f0 5e 13 c5 2c 24 c1 15 6b 41 16 1a 6b 2d 49 21 c8
Data Ascii: {-}w0<G?S9jiV=I-l%}:^,$kAk-I!?!-C=`ejJA@{W^<ljA94tf(43$Z%%fBxlz6CvKTku[1<ZU7B&1tralm5i-xm
54
Nov 22, 2017 13:36:31.231808901 MEZ804919894.46.14.103192.168.1.16Data Raw: 91 9e 48 41 3d dd c8 52 d7 b3 92 cd 46 cf 80 ab a7 d0 bd f9 81 bf 00 d2 e6 a1 d4 6f 26 24 ad 36 0d d1 41 92 4d db 18 a0 5f 45 a0 5f 0d c5 fa 98 69 31 41 c1 15 88 d4 a1 26 29 03 ee 80 a4 f0 d2 e8 d7 50 77 06 79 88 cc 39 ab 6b 80 c4 d7 b5 14 08 35
Data Ascii: HA=RFo&$6AM_E_i1A&)Pwy9k5IR^JZeQL7>dt[4Es1G.tp6Mfh - k=8nD1w-c6Eg<^k%G+g=<[jH`sJE$D7I]i+80n+D<C]0|{3jCd
55
Nov 22, 2017 13:36:31.231826067 MEZ804919894.46.14.103192.168.1.16Data Raw: 83 d0 ee cb 96 c0 06 10 3b 69 d1 37 8d e5 00 ae 06 32 bf b6 d4 5e 19 30 c3 74 a1 37 f3 d9 2c 88 1e 68 31 47 0a 18 86 fa 31 4e 43 90 2c 26 77 fb b4 f5 a1 5e 51 a1 08 ba d5 c4 7b 0c da f8 cd a9 d0 5f 2d 19 50 7e d3 fe 4d ee 9a 0f 86 b2 bf 21 fa ed
Data Ascii: ;i72^0t7,h1G1NC,&w^Q{_-P~M!\IC*#Qt*{D[d$M^nmtM_&m9nQ'0'a~V<aHVHK`c:\-nrBjBx)"xoey7=Q3C
57
Nov 22, 2017 13:36:31.231832027 MEZ804919894.46.14.103192.168.1.16Data Raw: 4b 9f 54 1d 25 8f e5 98 93 6e 1c 75 88 1d dc f9 e9 02 49 39 fa 54 37 fc f9 10 43 b5 a9 ec 8f d8 d9 ea 1a 29 ac f5 26 40 1b 77 6a 74 20 45 3a 7d 97 8a 64 51 c2 35 75 e7 59 ec 54 62 e5 60 4c e2 1b 2c bf 3d 14 a5 22 c7 94 21 b4 1e 54 56 6b 72 af 8a
Data Ascii: KT%nuI9T7C)&@wjt E:}dQ5uYTb`L,="!TVkrZhT*uiZf&-|roCf=K?;D~B~Wb{eB(`fgiD!HgPY-+K%%IT/qiG,hIu
58
Nov 22, 2017 13:36:31.239486933 MEZ804919894.46.14.103192.168.1.16Data Raw: c6 38 cd 45 97 45 ef 0b 5c 43 66 e4 0d 5c 58 e3 88 ad 9f 26 6c 4b 6a 1f e6 fb 80 e6 fe b8 ef fb 03 56 16 b9 be 2f 75 56 9c 9a cd ca 07 79 54 36 0c f9 35 56 5f 36 db b1 61 2d d3 07 c7 d1 5d 81 69 a1 94 a4 67 e5 df 68 34 a5 91 b4 6a 65 c5 35 82 ff
Data Ascii: 8EE\Cf\X&lKjV/uVyT65V_6a-]igh4je55x}II69/qiN23S@^Szz-Bk$^@{\,""=NX./(#f|,.}@4{k|5D=*NAA
59
Nov 22, 2017 13:36:31.239500046 MEZ804919894.46.14.103192.168.1.16Data Raw: c0 c0 97 e2 34 67 e5 f0 85 8b c0 f2 c5 82 b4 82 72 f0 17 d3 4b 8e b3 8d a3 7d 33 80 79 7c 33 d8 2e ae 7b e8 9d 03 34 43 2f b1 35 4b 35 7a 28 17 12 7f 2e 15 53 3c f7 2e 52 61 4c 14 ee 33 6a 70 24 13 47 74 e7 8d 90 99 44 54 94 46 e4 59 ff ed d1 56
Data Ascii: 4grK}3y|3.{4C/5K5z(.S<.RaL3jp$GtDTFYVG/J\y%C7I>50,|z,6 [|<"raH\H5JCH^C/Me*Nc|$8>X/8emhUEeLz.p?0Jym-TVA2Kzn
61
Nov 22, 2017 13:36:31.239506006 MEZ804919894.46.14.103192.168.1.16Data Raw: 44 67 31 65 9d 55 90 5e 2b b7 a4 9e 75 95 00 1e 1b 9a e6 d8 da 90 70 f9 d3 d6 37 73 70 eb 6a 54 97 09 d1 e6 02 fe 8b f5 ec 7c bd ee c5 dc 95 4f 9d b5 03 b3 9f 44 a7 de 8b e8 c4 a1 26 7a 3f 8a 62 76 30 bb e7 bc 20 ba 10 07 79 d9 1a 6f 78 f0 c8 d9
Data Ascii: Dg1eU^+up7spjT|OD&z?bv0 yox$!F*Szm)0NKI2n%1BzglkSPf7g.9/fT:,qtjU\;B}9mbB]L\!CrW;!DL<:6x
61
Nov 22, 2017 13:36:31.245038033 MEZ804919894.46.14.103192.168.1.16Data Raw: f5 22 2a 92 be d5 a8 be a0 71 f9 c1 ce a4 f4 db fa 05 3d 0d 0c ab 97 cd a2 8a 44 6a 23 ab d1 23 94 ac b0 bb 81 0c ea 94 6a 60 89 33 81 de df 0b 4c db 4b 06 a6 fd 68 f7 92 f1 68 5d 3e d1 68 28 1d 95 d6 f5 9c 8d e8 96 05 68 4a 5e 2d aa 0f 55 74 14
Data Ascii: "*q=Dj##j`3LKhh]>h(hJ^-Utr'v&Otyt}fNj23q{woP@4?;gxt0=6G<o:.bzUp6J)-}p*a~$}jr:w_(Jtxus#
62
Nov 22, 2017 13:36:31.246783972 MEZ804919894.46.14.103192.168.1.16Data Raw: 4b a4 09 8c 81 de 36 f2 de d1 86 21 9e 57 a6 99 d1 52 95 b9 80 d9 ca 6c 43 ec 51 67 72 e5 b1 b5 60 54 55 29 5c 99 3a 74 a0 43 d8 a3 96 2e 08 68 15 18 07 5a 2b b7 6b bc 20 0c 53 bd 96 8e 5a f8 42 24 5f 0a 0e c3 01 ff 8e cc 03 7f 47 de b1 3e ba d2
Data Ascii: K6!WRlCQgr`TU)\:tC.hZ+k SZB$_G>(n=U_MLZx5<' q,'-$ou94faRb;Y[~0g`ih{UC#eDj[;pOx8dS8R4ltg;{/
63
Nov 22, 2017 13:36:31.323414087 MEZ4919780192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/aol.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
68
Nov 22, 2017 13:36:31.391870975 MEZ804919994.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 32 35 31 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 7d 6b 77 db 48 8e e8 e7 9b 73 f2 1f 68 ce bd 16 19 51 b2 e4 38 e9 b4 64 da c7 0f 39 d1 b4 1f 39 b6 92 d8 e3 68 73 28 91 b2 d8 4d 91 5a 92 b2 ac b4 67 7f fb 05 50 0f 16 1f 52 d2 73 76 76 7b c6 92 58 0f 14 0a 85 42 01 28 80 d9 79 a5 0d a6 7e a2 85 51 ea 8f 3d 6d b6 48 52 6d e4 69 8b 30 8d 16 e3 a9 e7 6a 4e aa 39 41 a0 a5 fe cc 4b 9a 2f 5f 9c 44 f3 55 ec 3f 4c 53 cd 18 9b da 6e ab b5 db 80 8f 77 da 17 27 48 bd 58 fb 47 14 87 4d ed 08 3a 50 a3 44 8b bd c4 8b 1f 3d 17 ba be 7c b1 fc fe 2d 8d a2 20 f5 e7 cd df 93 ff a3 3d 36 b5 37 cd d7 6d ac 19 4c 3d 2d 70 52 0f 46 7f f4 e2 c4 8f 42 0d 90 72 1e 1d 3f 70 46 81 07 58 bc 7c 31 4d d3 79 67 67 67 b9 5c 36 97 34 da 77 1c 6c 1c cd 5e be 88 62 4d a9 75 bd 47 3f 76 aa 6a 94 7e ae 87 e3 9e c4 1e 8c ea 6a ed 66 7b b7 89 b3 d1 46 2b 75 2e 9a f1 c5 1b 75 d6 80 80 01 34 f3 e5 8b 73 07 b0 9e 45 ae 3f f1 3d b7 a3 fd d2 6c b7 11 d4 3b 84 df 73 92 55 23 8d 1a 8b c4 d3 c6 71 94 24 8d 51 1c 2d 81 24 1a 27 04 d2 f4 ef 48 74 3f 1c 07 0b d7 d3 52 a0 44 32 8e fd 79 8a a4 c7 a7 91 f7 e0 87 a1 1f 3e 68 d1 84 0a f6 47 91 bb 3a d0 12 6f 9c 02 a1 2c cd 09 5d e8 fe 18 fd 01 53 1a f8 73 a3 36 60 b0 b5 d4 7b 4a 6b 26 0c a5 25 d3 68 49 ed 3e 85 d8 82 ca a6 3e 1f 8e a3 62 69 93 18 66 84 25 ae 97 f8 b1 e7 be 7c f1 61 70 71 ae 79 8f 5e 98 4e a1 77 00 4b d3 d4 7a 4f ce 6c 1e 78 9d 97 2f f6 1d 2d 0a 67 11 4c 2e 82 55 b3 75 1a fc 26 9a 79 7c 64 5d 56 2f 52 5b e7 43 eb da 34 f6 26 b6 ee 87 ae f7 d4 9c a6 33 fd e0 62 a5 4d b1 d7 dc 79 f0 f6 77 9c 83 97 2f 2e 23 6d 1c 85 a9 e3 87 40 aa d3 fe 67 e0 a3 ff 5c 20 4a 40 ae e3 15 e0 37 71 16 41 6a 69 4b df 4d a7 34 b1 a9 47 5c 89 24 e2 94 d5 9c 18 18 67 91 46 33 07 78 1b 98 78 a5 39 ae 33 c7 e5 4e 19 78 98 16 c0 eb 27 34 43 6d ec cc 89 d7 00 84 bb 0a 9d 19 ef 03 0d 61 72 29 d2 df 89 47 7e 1a 3b f1 4a 63 74 09 bc 19 80 48 10 9c 18 f4 e5 0b 60 20 ec 88 ed 07 ce c3 20 22 a2 f4 4f bf 45 93 6f d8 eb 1b ef 05 3b e1 db c8 fb c6 a1 7b 2e ac 93 1f 26 a9 e7 b8 88 00 51 ca 82 1d 33 f5 c7 53 6d e6 39 61 a2 ad a2 05 40 0e b5 f9 02 b8 65 36 8f e2 d4 09 81 04 89 e7 c4 e3 69 c3 0b 81 4b bc 46 0c e0 1f a1 5c 4b d2 c5 64 02 20 15 dc 60 ae 47 f3 39 34 77 42 d8 ea db c0 58 53 e7 d1 8f 16 71 8e 6a 38 04 48 00 58 1e ff d1 77 17 82 06 13 ff 61 41 2c f1 e8 3b f0 3c 9b 01 d1 13 58 b1 24 61 f4 64 6c 05 db 4d 4e da a4 3d 3f 70 46 da 17 5c a5 8e b6 07 7b a5 7f d2 bb bc e9 75 b4 f3 f7 1f cf d9 c6 87 7d 1e f8 23 a2 2a fc 9c c4 1e f0 7f 34 49 97 b0 7a 5d 39 67 18 d9 4f d2 d8 1f 2d 52 40 2d c5 15 df 89 e2 97 2f 68 db ad b0 64 01 ec 14 33 76 f6 e2 59 22 f6 ca fb cb 4f da b9 97 e0 8e 7b ef 01 33 39 81 f6 71 31 0a fc 31 e0 02 02 2f 84 7d 69 20 2e a6 e6 c0 6c b0 26 41 a9 07 8b 88 bd cf 10 9b 1b 8e 8d 76 16 c1 20 0e ee b9 ae e6 f9 50 0f 08 08 69 b5 db 6c 8b 21 39 5c 0b 89 61 c0 1e 5e 11 85 e7 d8 0f 46 09 57 24 e8 62 21 e7 9a 55 54 c8 26 8b 3b 9b a0 4e a3 39 ee 56 80 07 93 5d fa 20 61 51 4c 27 de 64 11 00 9f 40 53 ed 4b 7f f0 e1 ea d3 40 3b ba bc d3 be 1c 5d 5f 1f 5d 0e ee ba d0 34 9d c2 f6 63 2c 8e 80 80 75 02 10 54 1a 4c 09 18 21 5d 01 da 2f 5f 5c f4 ae 4f 3e 40 87 a3 e3 fe 79 7f 70 87 a8 9f f5 07 97 bd 9b 1b ed ec ea 5a 3b d2 3e 1e 5d 0f fa 27 9f ce 8f ae b5 8f 9f ae 3f 5e dd f4 08 f1 33 68 38 8b 62 94 18 b0 59 03 20 7b b8 99 ec 92 3a 2f 5f 24 40 5b 45 b0 3e 84 8b 66 14 3f ec 8c e1 84 09 bc 49 ba 13 50 7f 94 10 c1 cb 17 af 76 80 d6 4e cc 39 d1 0e bd a5 76 35 fa 1d 24 a0 61 76 b1 3c 4d bf 9d 7a a3 c5 83
Data Ascii: 251b}kwHshQ8d99hs(MZgPRsvv{XB(y~Q=mHRmi0jN9AK/_DU?LSnw'HXGM:PD=|- =67mL=-pRFBr?pFX|1Myggg\64wl^bMuG?vj~jf{F+u.u4sE?=l;sU#q$Q-$'Ht?RD2y>hG:o,]Ss6`{Jk&%hI>>bif%|apqy^NwKzOlx/-gL.Uu&y|d]V/R[C4&3bMyw/.#m@g\ J@7qAjiKM4G\$gF3xx93Nx'4Cmar)G~;JctH` "OEo;{.&Q3Sm9a@e6iKF\Kd `G94wBXSqj8HXwaA,;<X$adlMN=?pF\{u}#*4Iz]9gO-R@-/hd3vY"O{39q11/}i .l&Av Pil!9\a^FW$b!UT&;N9V] aQL'd@SK@;]_]4c,uTL!]/_\O>@ypZ;>]'?^3h8bY {:/_$@[E>f?IPvN9v5$av<Mz
69
Nov 22, 2017 13:36:31.391896009 MEZ804919994.46.14.103192.168.1.16Data Raw: 9d c6 0b 8f 35 85 a2 5e 88 3b da 55 0a 81 3b 13 62 4f 7b e2 04 09 14 32 80 cd a3 11 88 b0 42 d9 f1 c3 49 14 44 b1 5d fb 5b 6f b7 f7 cb d9 59 4d a9 e9 cf 1e ec 9a 52 10 c5 c0 7e a2 79 ab f5 ba f5 eb af c5 da 9b 14 e6 65 d7 92 28 f0 dd 62 1d ed 10
Data Ascii: 5^;U;bO{2BID][oYMR~ye(b-KO@BxR'@?N$R>N5ub-fvFR6,k&a9y8+{J1);+=Y9s\m7]R,#~Ov hP1
71
Nov 22, 2017 13:36:31.391912937 MEZ804919994.46.14.103192.168.1.16Data Raw: f4 dd 74 e6 73 0f b8 59 36 50 d5 c5 a7 b4 a8 1a ba 23 76 62 5b 74 18 59 5c 4f c2 ef d1 71 f4 74 15 90 8a 88 3e 55 a6 1a c6 df ac 4c fb 20 ad d1 79 02 7d ed 36 fb 49 3a a4 38 04 84 36 80 30 fe ce 4c 32 f1 1b ad 36 fc ed 05 a7 74 80 5b e2 a4 25 0c
Data Ascii: tsY6P#vb[tY\Oqt>UL y}6I:860L26t[%/Sh(b~k3zSzKG3yyZpU$_^2,d,tj<SkH ;8A2)lDY3T[I?t|>(
71
Nov 22, 2017 13:36:31.406300068 MEZ804919994.46.14.103192.168.1.16Data Raw: be 55 16 3f af 58 0a 7b 08 11 b2 ff bb e6 54 b9 ba d2 26 02 3e 0a df 92 98 40 e5 0a 10 cc 8c 2a 6c 4e 66 15 f1 00 9d 39 92 67 b3 b3 5b 59 8b 0a 95 40 a8 52 f1 c2 cb 56 17 6d 8a 18 2c bd dc c5 a6 bc 44 e5 57 7a ae d6 bf bc e9 9f f6 d8 65 1e a0 22
Data Ascii: U?X{T&>@*lNf9g[Y@RVm,DWze"o/@\p$px/RKF"c&:Gr*3Fmqpqn4t"? >3WP0QeL7|iqr+:8h.kIBEYH}||
73
Nov 22, 2017 13:36:31.406325102 MEZ804919994.46.14.103192.168.1.16Data Raw: 39 d8 00 29 ab 16 b0 de af 87 73 76 74 d2 5b 0f 86 6a 39 14 f9 5c 05 e6 a6 ff 8f 0d 60 a8 56 01 43 cf 59 58 09 5d df 1e 0f 2e 87 8a 78 50 8a 09 f9 9b a1 04 5b 28 57 1c f9 ba 6e 89 ff 9b ca 41 ba 57 3e 3d cb 60 f0 5c 2a e0 5f 6e 61 1b 3e 70 f2 61
Data Ascii: 9)svt[j9\`VCYX].xP[(WnAW>=`\*_na>pa%;?ZT.EVV22[A8OMvJ"kFw0$Gq;?+b ha{gW3!{\qq'-r76l Y(>^}O_C(=8hs?]|pu(9+T
74
Nov 22, 2017 13:36:31.406348944 MEZ804919994.46.14.103192.168.1.16Data Raw: 63 95 63 b6 80 e9 89 79 54 92 bd 53 23 34 de 15 e0 d2 1c f8 ce e6 1b c6 17 fb 4f 71 59 67 d0 fc 5c 00 89 ff 23 8e f2 37 ce 43 65 fe 53 ef 08 4c 03 76 23 44 86 cb 6f be 9b bb 23 c2 78 f2 20 e5 31 e8 01 79 99 58 69 8a e9 86 ac 9c 7e 62 0d f6 b6 a1
Data Ascii: ccyTS#4OqYg\#7CeSLv#Do#x 1yXi~b@x#:ci"%h{kp)5g20w#"\%v$"r{P`nq+}u$6Ea}1wCG?xP,M%]P=^" tU*
75
Nov 22, 2017 13:36:31.492424011 MEZ804919994.46.14.103192.168.1.16Data Raw: f2 30 d3 1e 64 d0 16 ab 46 fe ca 82 91 ca eb 51 31 b2 9c d3 da 91 b7 7e 30 f4 d6 c6 b1 b3 e5 2e 8c 5d c4 2d 4b ef c6 47 ca 2f c7 dd c6 17 98 6f db 21 c6 73 32 ee cf 55 dc 96 6f a5 8a e3 8b f3 87 ed 3e 1a 83 03 ed 88 ad 88 f5 ee 93 fd 2f b0 94 ca
Data Ascii: 0dFQ1~0.]-KG/o!s2Uo>/*@lsFnnL>U-LX[b#!%&Bv[1cNF{-aWb|3n1AM~#S4zV_xE(;jlLG.Pr0ZZ
77
Nov 22, 2017 13:36:31.492450953 MEZ804919994.46.14.103192.168.1.16Data Raw: a9 da b5 f5 d1 d4 2c c9 a2 56 af e6 c8 7a 0d 23 ef 29 72 bc 55 af 55 0c 00 34 b4 6b f4 6f 11 8c 9d 80 a7 03 e0 3d a8 8e 79 6e 94 3f 00 4f 3a 35 3c 2e 35 1c 51 14 ae d2 96 15 60 73 5c 29 bb 56 08 5e 07 14 74 6d e7 80 92 34 64 6a 8b 48 8c 50 d2 3e
Data Ascii: ,Vz#)rUU4ko=yn?O:5<.5Q`s\)V^tm4djHP>!T/ 2Pa)]!]x?{`Nq)%#e+bC"I.o4[t1~tt\]}m,)%euz<l=d/~"AOYqk62~3hyHS>]>9S&a(
78
Nov 22, 2017 13:36:31.497533083 MEZ4919980192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/gmail.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
78
Nov 22, 2017 13:36:32.037530899 MEZ804919494.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Content-Encoding: gzip
Data Raw: 34 30 30 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc bd 7b 7b e2 38 b2 38 fc ff 7e 0a c2 cc c4 f6 60 08 90 4b a7 4d bb 73 d2 b7 d9 ec f4 ed 74 f7 5c 76 81 e1 11 60 c0 60 6c 62 1b 48 02 f9 7d f6 b7 aa 24 d9 b2 31 49 66 67 cf 39 cf f3 ce 25 d8 b2 2e a5 52 a9 54 2a 55 95 8e 7e 6c 1c 3f 3f 39 3f 3d 3d 3b 3f 33 1b cf ce 4f 8f 9f d5 1b a7 e6 3f ae be 95 5e 07 7e 14 87 cb 41 ec 06 be 55 5a 35 1a 67 cd b3 f3 53 d3 f1 7b bf 7c fd f1 e8 6f 7f 3b fa f1 c7 bf 95 7e 84 6c 8b db d0 1d 4f e2 d2 3b 36 70 fa 41 30 2b 5d f9 83 1a 7c c2 af ef dd 81 e3 47 ce b0 b4 f4 87 4e 58 8a 27 4e e9 72 c1 06 f0 23 be 98 a5 5f 9d 30 82 26 4a cd 5a 1d 4b 4c e2 78 61 1d 1d ad d7 eb 1a a3 9c b5 20 1c 1f 79 3c 77 74 f4 fe ea f5 db 8f 5f df 56 79 ee a3 bf c5 e1 6d 69 b3 76 fd 61 b0 ae bd 7b 55 da 6e 4b fa 68 e9 13 d0 3a 4f 36 4a 9b bf ad 58 58 8a 1c 6f 54 b2 4b 3c d1 2c 0d 83 c1 72 ee f8 71 92 54 93 29 2d 91 3d fe e6 ce 9d 60 a9 e4 48 d3 4c fc 7e e5 c7 4e b8 62 5e 26 83 4c 6c 61 25 bd de 9b b7 bf f6 7a 90 a1 de fa 9b 84 ab e4 cc 17 f1 ed 3b 09 25 c0 77 cf 9b ec f5 00 ae 5e 0f 00 80 3f 76 d2 0d 66 6c 42 27 5e 86 7e 89 b5 eb dd d6 7d 0b f2 15 7e 6d 89 7a 42 e7 7a e9 86 8e d9 eb 0d 5b ba 9a 11 3f f6 ed cd bd 39 c0 3f 43 bb ad 8d bd a0 cf 3c cd d4 44 99 f4 e9 cd ad cf e6 ee 20 4d 78 cf ee 6e e1 6d 1e 0c 97 1e e6 73 6e 16 41 18 47 5a b7 25 32 a4 30 39 e6 c8 d8 b8 23 7d 50 9b b0 e8 d3 da ff 1c 06 0b 27 8c 6f 75 c7 30 04 b0 83 b6 d3 6d 41 96 83 7e 41 1e 2c 3b 92 39 fd a5 e7 b5 e2 49 18 ac 4b be b3 2e bd 0d c3 20 d4 b5 0f 04 46 49 ab 38 15 ad 04 35 94 fc 20 2e f5 1d c7 2f 0d 9d 91 eb 3b 43 cd 68 dd 63 7f c7 76 1f 9a 32 27 f6 b8 36 74 16 91 e9 da 93 9a e7 f8 e3 78 62 4e cd 99 dd ee b6 46 50 1f e6 f4 ec 7a cb 7b e1 b6 bc 4a c5 d8 44 6b 37 1e 4c f4 49 db eb 1a 9b 01 8b a0 29 d1 73 6b 6a 8f 5b fd d0 61 b3 16 4f 97 88 c0 0f 35 f1 92 c9 20 90 0c df 59 26 5d e2 1c 3e 88 c7 a2 cf 72 20 1e ce 45 a3 03 59 08 5b fc 3b 20 82 2d bd 38 2d 57 1b 30 cf d3 31 87 49 fd 6a dd cf 6a 8b 65 34 d1 a7 f0 38 ae 8d d8 20 0e c2 5b 98 76 0b ef 56 67 e6 cc 68 e1 28 29 9d 12 23 92 26 20 2d 0e 33 e3 6e 8e cd 09 8d 5f 7c bb 70 82 11 a0 df d6 e4 77 cd d8 e0 58 d8 1b d1 92 35 36 71 48 ac 61 6d 10 f8 03 16 c3 98 9b a2 66 6b 73 7f 8f e4 31 b1 6d fb d8 d8 85 df 01 88 1d 0f fa cf 21 04 40 ee 0d 3d 9e b8 91 c1 a7 c0 db af a7 30 e9 12 c0 8c 0d 4c a9 a1 5e 86 e4 cb 30 64 b7 40 6c 71 80 10 96 cd 76 d7 4c a7 88 d9 37 07 e6 d0 24 fa e5 c4 03 73 73 5c 9b b3 45 da c9 89 e9 aa 1d 9c 1c a8 1d 4c e9 f4 1b 7c e6 b4 6a 10 2b 40 62 43 00 25 f1 79 36 e6 22 68 74 c0 34 12 e1 14 08 70 fa 62 d6 aa 54 a6 06 34 30 2d b9 7e 89 fa e4 b5 a7 5d 20 5b ea be 6b 62 12 24 00 f9 f2 0e 8b 51 f1 5a 08 2a d4 f3 16 b8 66 0e 5c ea 02 2f 8f 65 4c 4c e4 d9 5d 0f d8 d5 7f a2 73 d0 21 b5 7b 73 39 b3 78 a7 bc dd 4e 6d 38 3e a0 27 34 d0 b2 77 33 d9 2f 63 ce 89 13 90 73 2f ba 38 27 98 9d 95 13 de fe 75 90 09 ff 9f fa 53 67 10 73 ca 81 01 9a 0a f0 73 3c 61 46 3c 01 da f0 10 7a ea c7 41 02 f0 14 a6 92 e9 99 d3 84 b5 8d 18 10 a6 1c 15 58 41 1d 82 3a 0a e6 ce ff 35 d0 fb 61 26 30 33 f0 23 cc b0 a8 39 37 9f 46 39 b0 39 20 ca 60 b7 dc 2d b4 08 f5 bb 2f ea 86 5b b1 a7 04 49 cb 7d 31 6d b9 1c 04 57 8e fa e1 21 8d b9 db 85 79 3d 91 8d bb b2 e5 6a 03 9a 75 24 77 c1 69 6d b4 92 89 2b 17 cc 3f 39 77 fb d0 09 a5 03 2a d6 11 94 47 11 af bd 82 0a 4a f3 65 84 cb 4b 09 f1 07 d2 0c 2c e2 ac 94 96 a3 b1 71 09 25 e6 d4 a6 39 5d 5b 48 30 6b 11 0a 2f 1c f3 2c 1c 93 88 11 99 0d 98 f2 52 1e 98 e9 c9 1a ee 0a ee 0b
Data Ascii: 400a{{88~`KMst\v``lbH}$1Ifg9%.RT*U~l??9?==;?3O?^~AUZ5gS{|o;~lO;6pA0+]|GNX'Nr#_0&JZKLxa y<wt_Vymiva{UnKh:O6JXXoTK<,rqT)-=`HL~Nb^&Lla%z;%w^?vflB'^~}~mzBz[?9?C<D MxnmsnAGZ%209#}P'ou0mA~A,;9IK. FI85 ./;Chcv2'6txbNFPz{JDk7LI)skj[aO5 Y&]>r EY[; -8-W01Ijje48 [vVgh()#& -3n_|pwX56qHamfks1m!@=0L^0d@lqvL7$ss\EL|j+@bC%y6"ht4pbT40-~] [kb$QZ*f\/eLL]s!{s9xNm8>'4w3/cs/8'uSgss<aF<zAXA:5a&03#97F99 `-/[I}1mW!y=ju$wim+?9w*GJeK,q%9][H0k/,R
115
Nov 22, 2017 13:36:32.037540913 MEZ804919494.46.14.103192.168.1.16Data Raw: 8b 93 64 8a 4f a9 ce 30 88 99 0f dd 68 e1 b1 db 8f 0c 48 4d eb 07 20 73 59 5a 45 77 d5 f4 ed d6 ad f9
Data Ascii: dO0hHM sYZEw
115
Nov 22, 2017 13:36:32.049093008 MEZ804919494.46.14.103192.168.1.16Data Raw: f4 ab e9 17 06 80 3e ab c5 c1 d7 38 74 fd 71 82 a5 92 97 02 24 aa 81 85 d6 85 b1 11 89 b3 07 86 89 d7 f5 27 07 09 ca cc 6d 85 5b e3 18 01 32 6d 5a ce 8a 87 85 b7 a3 e0 05 eb 50 c6 07 4b 96 82 90 04 4f 29 10 08 f0 77 8a 86 0e a0 47 22 95 46 f1 e8
Data Ascii: >8tq$'m[2mZPKO)wG"FNTMM277d>TAid$|0vkX|bFGXX~f`6w}?}j%r%E'q^"~:$S8'cib3O`i^%45LWg>c
117
Nov 22, 2017 13:36:32.049128056 MEZ804919494.46.14.103192.168.1.16Data Raw: 03 88 3c ae f7 46 8e 38 df 6e 0f 42 92 bc 0f f4 09 ae 3f 59 71 c0 30 26 2a bf e3 eb 14 f0 31 58 8a 5c 46 dd 99 b0 5a af 47 d2 44 af 67 73 65 b9 9a 92 0a 50 8d 7b e4 96 c9 fa 76 60 8f 8d 8d 52 f9 54 54 3e 63 5c 57 96 54 61 7a cc 9e 32 94 e6 f4 ec
Data Ascii: <F8nB?Yq0&*1X\FZGDgseP{v`RTT>c\WTaz20Xc}o\fh*n7n]ft:12>E=Bwga!us<sTfLd{N%y)*ZNjZRiA3~l(*BB
118
Nov 22, 2017 13:36:32.049135923 MEZ804919494.46.14.103192.168.1.16Data Raw: 1c 95 cd be 85 72 9f 19 5b 28 d2 99 be 85 94 69 8e 2c 94 00 cd d0 42 91 ef be b5 54 b7 57 77 36 13 cb 02 e7 33 5f 6f fd 98 dd 48 4e 73 df 5a d9 79 1d 2e 83 12 40 a3 28 c5 89 23 d6 ec a4 13 a7 5d 77 2f 50 76 74 55 69 ef 8e e6 23 40 06 f2 1d f0 e2
Data Ascii: r[(i,BTWw63_oHNsZy.@(#]w/PvtUi#@DsIX`g KknIHWGDIcl5\JAP'ntj\I}W9k!-JC.?/6RLK8ua@b)WawNwIQL
120
Nov 22, 2017 13:36:32.096251011 MEZ804919494.46.14.103192.168.1.16Data Raw: 6d fd ed be f5 37 3e 99 a2 e1 ac f6 65 09 88 9c 3b af 03 7f e4 8e c9 4a 63 53 f6 e8 24 03 38 2e b9 6d c1 6c 08 63 d8 b7 f3 f3 d8 72 e8 ac 5c 74 bd 82 cf c2 bb ab 0c c0 50 7d 5f df fc 9c a9 a7 bf 8c e2 d7 e8 8d 55 26 bb 21 b3 1c b3 f1 eb 00 1a 7c
Data Ascii: m7>e;JcS$8.mlcr\tP}_U&!|<z,;;{rERaI'3zw2?l&E%q/`b5P:F-_BpHbKkBT.fEj
121
Nov 22, 2017 13:36:32.096267939 MEZ804919494.46.14.103192.168.1.16Data Raw: ac 07 63 75 f0 c3 71 9f e9 e7 4d b3 24 ff af 3d 33 5a ff 06 c9 f1 9a 7b 6c b8 42 21 6e b8 91 88 6c 60 81 ea 3c b8 ab 0a c2 0a 41 38 5e 46 d6 39 26 af 9d fe cc 8d 0b be ec a4 64 5b c1 e5 07 50 ae f6 e3 bb d1 68 24 49 f5 f8 f8 38 97 df 0b 60 57 e2
Data Ascii: cuqM$=3Z{lB!nl`<A8^F9&d[Ph$I8`WB12t]333f:WQmT'/:d$6Zu.Syuy;2\.hG%;!m<;'N^xW*45^2l-T
123
Nov 22, 2017 13:36:32.135385990 MEZ4920180192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/hotmail.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
129
Nov 22, 2017 13:36:32.136534929 MEZ4920080192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/other.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
129
Nov 22, 2017 13:36:32.799391985 MEZ4920680192.168.1.1662.149.144.39GET /images/tip_balloon/stemb.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
172
Nov 22, 2017 13:36:32.799921036 MEZ4920780192.168.1.1662.149.144.39GET /images/tip_balloon/stemt.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
173
Nov 22, 2017 13:36:32.803792000 MEZ4920880192.168.1.1662.149.144.39GET /images/tip_balloon/l.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
175
Nov 22, 2017 13:36:32.804656029 MEZ4921080192.168.1.1662.149.144.39GET /images/tip_balloon/rb.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
175
Nov 22, 2017 13:36:32.805352926 MEZ4920980192.168.1.1662.149.144.39GET /images/tip_balloon/b.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
176
Nov 22, 2017 13:36:32.806077957 MEZ4921180192.168.1.1662.149.144.39GET /images/tip_balloon/lb.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
176
Nov 22, 2017 13:36:32.808743954 MEZ4921280192.168.1.1662.149.144.39GET /images/tip_balloon/r.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
177
Nov 22, 2017 13:36:32.810303926 MEZ804919694.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:30 GMT
Content-Type: image/jpeg
Content-Length: 22505
Connection: keep-alive
Last-Modified: Fri, 03 Oct 2014 14:21:08 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff fe 00 3c 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 38 30 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 37 30 0a 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 96 01 2c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fd fa 93 76 cf 97 ef 53 58 f4 cf a5 49 50 dc c9 b1 bf fa d4 07 a8 ae ea 83 d0 56 27 8b fc 7d a2 f8 07 48 92 fb 5c d5 2c 34 9b 38 c1 26 5b a9 96 25 e0 13 c6 48 c9 f6 1c d7 85 fe dd bf f0 50 8f 0f 7e c8 7e 18 9a 2f 3a c6 f7 c4 7e 47 da 45 bc b2 7e e6 c2 33 90 b3 4e 41 04 2b 1f ba b9 05 b6 be 0f ca 6b f2 87 40 f1 57 8f 7f e0 ac da e4 be 33 f1 c7 8a f5 fd 17 e1 3c 97 92 da 58 c3 69 b6 2b ff 00 16 04 0c ad f6 35 2a 63 8a dd 24 5d 86 7f 2c 97 db 22 ab 87 52 47 d2 60 78 75 cb 0d fd a1 8f 97 b2 a3 d3 ac a5 fe 15 d7 d5 b4 8f 26 be 69 fb df ab e1 97 3c fa f6 5e af fc b5 3f 40 fe 3d ff 00 c1 c0 ff 00 00 be 0f f8 82 3d 27 47 9b c5 9f 12 35 85 77 8e 7d 3f c2 ba 51 ba b8 85 86 3a ac 8d 19 39 cf 55 c8 af 2a d6 bf e0 e3 b5 98 cb 2e 8f fb 38 fc 74 9a cd 7e eb dd e8 42 27 3e e4 2b b7 20 d7 75 fb 2e 7e c3 b0 f8 3b 4b b7 8f c0 9e 04 f0 ff 00 81 f4 d8 f7 34 77 5f 64 fb 5e a2 db 9f 2c c6 ee e4 c9 71 cf 1c 6f c0 c6 00 15 f4 2d a7 ec 87 ac dc c6 cd 7b e2 cd 5b cd 93 92 12 e5 94 7e 00 54 fd 73 28 a6 ed 4f 0c e7 e7 29 b4 df 9d a2 ac 8d be af 8a 6b df a9 67 e4 bf cc f8 f7 48 ff 00 83 9d fe 1f e9 57 1f 67 f1 77 c2 3f 8b 9e 1f b8 94 80 8b 3e 9f 6d 0e 49 ed fb e9 e3 eb ed 9a f7 ff 00 82 7f f0 5b df d9 e7 e2 ec 96 96 d2 78 ae e3 c3 3a a5 f3 00 96 3a d5 8c 90 b2 64 77 91 03 c4 33 ee fd eb 4f e2 df fc 13 6f 4d f8 99 a4 4f 6f ac 0d 37 c4 11 48 a5 58 6a 76 70 dc c9 82 31 f2 c8 ca 5d 0f 5c 15 60 47 ad 7e
Data Ascii: JFIF``"ExifMM*<CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 70CC,"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?vSXIPV'}H\,48&[%HP~~/:~GE~3NA+k@W3<Xi+5*c$],"RG`xu&i<^?@=='G5w}?Q:9U*.8t~B'>+ u.~;K4w_d^,qo-{[~Ts(O)kgHWgw?>mI[x::dw3OoMOo7HXjvp1]\`G~
178
Nov 22, 2017 13:36:32.810319901 MEZ804919694.46.14.103192.168.1.16Data Raw: 62 7e df 3f f0 46 5f 10 7e cf 1a 16 ad e2 af 03 c5 34 de 1b d3 6d e4 be d4 34 2b b9 8d c4 56 b0 46 86 49 25 b6 9a 42 5c 85 55 66 64 91 9c f5 03 00 00 3e 9b 27 a1 c2 99 9c d6 1b 13 19 e1 ea 49 d9 34 f9 a3 f8 9e 56 3a a6 69 85 8f b5 a4 e3 52 2b 56
Data Ascii: b~?F_~4m4+VFI%B\Ufd>'I4V:iR+V/IjIrRApLYh]?V'5/]x1,$LfCI+z72fG2Yv2xj}O{[=<E9[m(5E
180
Nov 22, 2017 13:36:32.810327053 MEZ804919694.46.14.103192.168.1.16Data Raw: a9 34 df cc fe 83 a3 bc de c4 63 ee fb d4 bb 89 af c9 4f f8 24 4f fc 17 03 57 f1 cf c4 7d 23 e1 1f c6 dd 5a d6 4d 4b 59 2b 6b e1 cf 14 cd 1c 76 ff 00 6f ba 69 0e cb 1b a0 a1 63 12 3a b2 a4 4e 02 ee 64 0a 4b 49 20 cf eb 34 33 2b 27 ca ca df 8d 7a
Data Ascii: 4cO$OW}#ZMKY+kvoic:NdKI 43+'z~aGEWyM8,J=z4k$yvUout#4jAff5qM\[>k1~.A1\+"#+2r6UsIdD=x+[BR}
180
Nov 22, 2017 13:36:32.810575962 MEZ4921380192.168.1.1662.149.144.39GET /images/tip_balloon/rt.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
181
Nov 22, 2017 13:36:32.899668932 MEZ804919694.46.14.103192.168.1.16Data Raw: 72 64 65 c1 08 3e 6c 30 62 36 f3 5f 2a fc 2e fd 9f 7c 6b fb 4d bd 9f 8a bf 68 6f 89 7f 13 35 7f 12 ea 90 79 87 c1 1e 1c d4 df 46 b1 d1 20 75 89 e1 8a e7 ec 7e 5b 3d ca 82 c1 c6 ec 03 c1 01 81 af d2 a9 e4 73 58 68 e3 31 92 f6 74 e5 f0 e8 db 95 ba
Data Ascii: rde>l0b6_*.|kMho5yF u~[=sXh1ty;,|eVThg/+?Q$FNz5|~^/xgDUT~3{|%Z|3j2Y%`I wb4|J>*iKs>vZz?lF,&e
182
Nov 22, 2017 13:36:32.899704933 MEZ804919694.46.14.103192.168.1.16Data Raw: 93 3c fc 4e 61 1a 1b c2 4d 77 4b 45 ea 7e 9d 33 65 78 eb 5c bf c5 ff 00 1f 43 f0 b7 e1 9f 88 3c 49 32 f9 d1 e8 76 12 de 79 7b b6 ef 28 a4 aa e7 dd b0 bf 8d 7e 37 fe da 1f f0 70 27 c4 af 81 91 79 1e 17 d6 b4 5d 5a e1 62 dc 59 ac 23 3b 98 9c 00 3e
Data Ascii: <NaMwKE~3ex\C<I2vy{(~7p'y]ZbY#;>Ls^+x5<acoY7h[dkx`YHU\3()y8z.+\5aLe:1#bOc=FgOGxNVv?,CkBC#
184
Nov 22, 2017 13:36:32.899713039 MEZ804919694.46.14.103192.168.1.16Data Raw: 4b 59 6b c5 ff 00 e0 8a bf b3 1c 3f b3 ff 00 c3 1d 1f c3 fa 67 9d 2e 97 a1 c0 d1 0b b9 10 a3 5e ca c5 a5 9a 66 07 90 5e 47 66 c1 1c 02 07 18 c0 f6 2f f8 2b 19 c7 c0 5d 2c e3 fe 62 12 73 8f 5b 59 6b f2 4e 34 ad 0a b8 6c 55 58 2b 29 5d af 9b 5a 15
Data Ascii: KYk?g.^f^Gf/+],bs[YkN4lUX+)]Z4<^~$8&Lc__#|(ubFt$b=O&KFk3%jYt[[-VoA2J,jO`8tIGg)V[HxOW
184
Nov 22, 2017 13:36:32.905801058 MEZ804919694.46.14.103192.168.1.16Data Raw: 3e 58 c5 7d 2c 72 da 6e 6a a5 6f 79 f7 7d 3d 3b 1f 97 54 e2 8c 4c 28 cb 0b 82 4a 8d 39 6e a3 bc ad b7 33 de 4d 6b 6b f7 67 94 7e c4 1f 09 b5 2f 82 9f 09 34 ef 0e cd 6b 6f a7 e9 7a 4d ba 59 58 59 c0 08 8a ce 04 50 b1 c6 80 f4 55 e8 06 78 e9 cf 5a
Data Ascii: >X},rnjoy}=;TL(J9n3Mkkg~/4kozMYXYPUxZ|tn=?RT+hn|G)RtQ/E0+3v0j>i-E(~{WE MWp_2qjQQMY~oj<'4L}Ink
185
Nov 22, 2017 13:36:32.906635046 MEZ804919694.46.14.103192.168.1.16Data Raw: a9 a5 5f 4b 8d ad 24 d0 c1 e6 5b ca f8 3f 7d 81 6e 98 3c 57 db bf 07 bf e0 e5 bf 8a 5a 54 36 b6 be 32 f8 3d ab 6b 8f 0c 4a b2 dc 69 9a 3d f4 77 77 4f 9e 4b 46 63 58 c7 a7 1c 57 c5 66 3c 01 51 4b 9f 2c c4 53 ad 0f f1 25 2f 9a 6f f2 3d bc 2e 7d cc
Data Ascii: _K$[?}n<WZT62=kJi=wwOKFcXWf<QK,S%/o=.}8KhGe[7R;~?tQtX3[p/x6mc} u5?i<;#K}W\1`s":kf(6}:
187
Nov 22, 2017 13:36:32.906653881 MEZ804919694.46.14.103192.168.1.16Data Raw: bc a4 ee ed e4 af 64 69 9a 66 5f 59 71 84 34 84 55 92 f2 47 8d 7e df 1f b0 37 83 bf 6d ff 00 87 0d a3 f8 a3 48 b7 d5 05 b9 33 5a b1 1b 6e 2d 24 d8 57 74 52 0e 55 b9 3d 72 b9 c1 20 d7 e5 4e a9 ff 00 04 15 d4 7e 13 fc 57 b3 bc d0 7c 6f e3 3d 1a 3b
Data Ascii: dif_Yq4UG~7mH3Zn-$WtRU=r N~W|o=;S1"q~~OI/t?BWYazW-easO9z2,8m1$WY>#;O>LTp5gVJ=W>0#<[x
188
Nov 22, 2017 13:36:32.906661987 MEZ804919694.46.14.103192.168.1.16Data Raw: 83 f5 af 63 2d c6 ee be 87 b9 a1 7d bf 2a 9e 66 16 5b 1c 5e 81 f0 0b c2 de 18 0b f6 5d 2e 15 93 bb 10 3f c2 bb 0b 2d 3e 1b 08 f6 43 12 44 9f dd 51 8a 9b 18 34 ed d4 01 1e 32 7d 3d 2a 8e b3 e1 ab 2d 7a 1f 2e ea de 39 94 8c 1d c0 74 fc ab 40 fc d4
Data Ascii: c-}*f[^].?->CDQ42}=*-z.9t@4-!cV":t%?)nNAP?i,6;FuM7~v\y"Y@q__4]sO}cX!,7PI{`pr
189
Nov 22, 2017 13:36:33.190360069 MEZ4919680192.168.1.1694.46.14.103GET /images/loadingAnimation.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
202
Nov 22, 2017 13:36:33.211988926 MEZ804919594.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:31 GMT
Content-Type: image/jpeg
Content-Length: 2142
Connection: keep-alive
Last-Modified: Tue, 01 Nov 2011 19:59:10 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 07 04 04 04 05 04 07 05 05 07 0a 07 05 07 0a 0c 09 07 07 09 0c 0d 0b 0b 0c 0b 0b 0d 11 0d 0d 0d 0d 0d 0d 11 0d 0f 10 11 10 0f 0d 14 14 16 16 14 14 1e 1d 1d 1d 1e 22 22 22 22 22 22 22 22 22 22 ff db 00 43 01 08 07 07 0d 0c 0d 18 10 10 18 1a 15 11 15 1a 20 20 20 20 20 20 20 20 20 20 20 20 20 21 20 20 20 20 20 20 21 21 21 20 20 20 21 21 21 21 21 21 21 21 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 ff c0 00 11 08 00 30 00 84 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 06 07 03 08 01 ff c4 00 39 10 00 01 03 03 03 02 03 04 08 04 07 00 00 00 00 00 02 01 03 04 00 05 06 07 11 12 21 31 13 22 41 14 23 32 71 15 33 51 52 61 81 91 a1 08 17 92 c1 24 25 42 62 a2 a3 d1 ff c4 00 19 01 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 ff c4 00 27 11 00 02 02 01 03 04 02 01 05 00 00 00 00 00 00 00 00 01 02 11 03 12 21 31 04 13 41 51 22 61 32 42 52 71 81 91 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fa 46 80 50 0a 01 40 28 05 00 a0 14 02 80 50 0a 01 40 28 05 00 a0 14 02 80 50 0a 01 40 28 05 00 a0 14 02 80 50 0a 01 40 28 05 00 a0 23 ce b9 5b a0 00 9c e9 0d 46 03 2e 00 4f 18 b6 8a 5b 6f c5 14 95 3a ec 95 29 58 a3 d1 89 31 e4 07 88 c3 82 e8 7d e0 54 24 fd 52 a0 1e 94 05 66 4b 8b da f2 38 23 0a e2 af 23 40 7e 20 ac 77 dd 8e 68 5b 2a 7c 4d 10 2a f4 5e cb d2 ad 09 b8 f0 4c 65 47 0d d6 5d 38 c8 b1 1e 37 8b 35 ca 7b f8 f1 2a 0b a2 e4 97 8c e3 38 bd 13 92 f2 ea d9 af 65 f4 5e 9f 65 77 74 f9 54 b6 75 67 4e 29 a7 fc 9d 23 45 5e c3 ae 76 14 bd 59 01 d6 ae 0a 29 1e e3 1d e9 52 24 2b 4e 27 55 4d 9e 33 4d 8b b8 92 27 54 ae 6e a3 52 74 cc b2 dd ee 56 67 da 9d a8 d8 85 c1 a8 ee 5b ed 73 3d b5 e2 6e dd 1e 3b af 94 b7 07 7f 2a ab 3c 77 fc 17 6e 9b d5 f1 61 84 fd 93 0c 71 65 cd 87 2c d4 04 93 19 dc ca 35 a2 c5 6e 7d 15 50 5c 96 be d2 4a 83 bf 11 05 f2 6e 9b a6 fe 6e 95 49 42 1f a6 db 2a e2 bc 5b 35 70 6f 76 6b 89 18 5b a6 c7 96 e3 69 b9 83 2e 83 8a 3b f6 e5 c5 57 6d eb 17 16 8a 34 61 b2 5d 5f c8 71 db c4 0b 45 c7 19 ff 00 19 73 2e 10 91 b9 cd 92 1a f3 40 ea be 1f 97 a9 a7 7a de 18 14 95 a7 c7 d1 a4 71 27 e4 d6 30 e6 55 74 b2 3c 2f b4 36 1b a9 16 cc 90 98 4e e2 29 b2 f2 54 d9 b1 5d fa a6 d5 97 c5 3f 68 a6 c9 fb 31 78 4d fb 50 6e f9 ed eb 1f 9b 7c 64 a2 58 5c 6b 99 04 26 c4 a4 21 f5 54 f8 97 c3 ed b7 4d eb 6c 91 82 8a 75 c9 a4 94 52 bf 65 e5 fb 57 71 eb 7d e4 ec 56 c8 f2 af 97 c6 fe b6 1d b5 bf 17 c3 54 ee 8e 1a a8 80 ed eb d7 a7 ad 52 38 1b 56 f6 45 56 27 cf 04 69 1a b5 70 b6 34 b2 f2 0c 52 eb 6e b6 8f 57 66 22 33 20 5b 4f bc e0 b4 6a 42 9f 95 4f 62 f8 92 6c 76 fd 34 4f ca f5 53 17 b0 e1 cd e5 0d ba 93 a2 4a d8 60 03 2b f5 e6 bb f9 77 5f 87 6d 97 96 fd be 7d 2a b0 c0 e5 2d 24 47 1b 6e 8c e6 3f fc eb cc e1 37 78 7a e9 1b 19 b5 c9 44 72 2c 66 23 24 89 0a da f5 12 25 77 b7 24 eb fd 92 b4 97 6e 1b 56 a6 5d e8 8f d8 c8 23 eb 56 1f 05 cb d4 5b cb 19 1d be 2a 2b b2 e1 49 8a 2c 3b e1 8f 52 20 26 bb ec 9d 7b fe 4b 48 f6 e7 b5 50 5a 25 f4 52 6b 3e 57 6d cc 34 5e dd 7e 86 3c 5b 7a 7b 48 6c 9e ca 4d b8 20 e8 98 2a fe 0b eb ea 95 a7 4f 07 0c 95 f4 5b 14 74 ce 8d 8e 83 d8 02 cf a6 76 ef 27 07 a7 72 9a ef cd e5 dc 3f eb 41 ac 7a 99 5c cc f3 3b 91 b8 ac 0c c5 01 e3 3a 14 49 f0 dd 85 31 a1 7a 2b e0 ad bc d1 a6 e2 42 49 b2 a2 d1 3a 07 cd d7 77 6f 7a 35 a8 f2 d8 b1 3a 8f c5 79 9e 4d 32 f6 ea 26 c3 bc bc 31 77 6d b7 36 8d 3a 2f fe ad 7a 71 ac d0 dc eb 55 38 ee 76 8c 0b 4f 06 d0 e9 64 37 d7 d6 e9 98 cd 14 59 77 17 3a f8 68 a9 f5 31 d3 b0 36 3d ba 77 fd ab 8b 2e 5b d9 6d 13 9e 73 bd 97 05 1e b0 5d 20 5d 6f 96
Data Ascii: JFIFHHC""""""""""C ! !!! !!!!!!!!"""""""""""""""09!1"A#2q3QRa$%Bb'!1AQ"a2BRq?FP@(P@(P@(P@(#[F.O[o:)X1}T$RfK8##@~ wh[*|M*^LeG]875{*8e^ewtTugN)#E^vY)R$+N'UM3M'TnRtVg[s=n;*<wnaqe,5n}P\JnnIB*[5povk[i.;Wm4a]_qEs.@zq'0Ut</6N)T]?h1xMPn|dX\k&!TMluReWq}VTR8VEV'ip4RnWf"3 [OjBOblv4OSJ`+w_m}*-$Gn?7xzDr,f#$%w$nV]#V[*+I,;R &{KHPZ%Rk>Wm4^~<[z{HlM *O[tv'r?Az\;:I1z+BI:woz5:yM2&1wm6:/zqU8vOd7Yw:h16=w.[ms] ]o
203
Nov 22, 2017 13:36:33.212008953 MEZ804919594.46.14.103192.168.1.16Data Raw: 8c 28 e2 bb 35 93 70 6e 17 80 8c c1 49 78 22 32 be 50 41 04 52 1f 19 c4 44 55 4f 4f 9d 5f a7 54 9c bf c2 f8 95 2b 21 e8 1c e8 f6 bb 9d ff 00 0b 36 4a 3b d0 e4 14 b8 3e 3b 5e 0b e5 11 d5 e8 86 2b b1 79 77 15 eb f7 aa 7a a5 69 48 66 5c 32 a7 5e e5
Data Ascii: (5pnIx"2PARDUOO_T+!6J;>;^+ywziHf\2^M8.(c>**ap\Y\\1IXFz%"MF F,Y+;%Q*+lM2~(v;tkC(Y\G]>mTN-\nKYlr2_M
204
Nov 22, 2017 13:36:33.218938112 MEZ804919794.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:31 GMT
Content-Type: image/jpeg
Content-Length: 2611
Connection: keep-alive
Last-Modified: Tue, 01 Nov 2011 19:59:10 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 07 04 04 04 05 04 07 05 05 07 0a 07 05 07 0a 0c 09 07 07 09 0c 0d 0b 0b 0c 0b 0b 0d 11 0d 0d 0d 0d 0d 0d 11 0d 0f 10 11 10 0f 0d 14 14 16 16 14 14 1e 1d 1d 1d 1e 22 22 22 22 22 22 22 22 22 22 ff db 00 43 01 08 07 07 0d 0c 0d 18 10 10 18 1a 15 11 15 1a 20 20 20 20 20 20 20 20 20 20 20 20 20 21 20 20 20 20 20 20 21 21 21 20 20 20 21 21 21 21 21 21 21 21 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 ff c0 00 11 08 00 30 00 84 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 07 00 01 04 05 06 03 08 02 ff c4 00 3e 10 00 01 02 05 01 06 01 08 08 04 07 00 00 00 00 00 01 02 03 00 04 05 06 11 12 07 13 21 22 31 41 14 15 32 51 52 61 71 72 91 08 23 24 42 62 81 82 a1 17 36 74 b3 44 54 94 c1 c2 d2 e1 ff c4 00 1a 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 05 03 04 06 02 01 ff c4 00 2c 11 00 01 03 03 03 03 04 02 01 05 00 00 00 00 00 00 00 01 02 03 04 05 11 12 21 31 13 41 51 22 33 61 71 15 91 81 14 23 32 c1 f0 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f4 7c 00 28 00 78 00 50 00 d9 80 05 98 00 59 80 05 98 03 22 cc 00 28 00 78 00 ab b8 ee 06 68 92 09 9a 75 3a b5 ba 86 52 33 81 a9 7d c9 e3 c0 62 24 8a 25 7b b0 43 3c c9 1a 65 4e 94 ea fc 84 f0 1a 1c 46 b3 db 56 47 e5 ff 00 b1 e3 a2 72 1d b2 54 52 7c 47 93 b1 e3 d0 1a 00 1e 00 18 c0 06 57 6a 37 93 b6 bd b4 a9 89 52 91 53 98 58 66 4f 50 d4 33 d5 4a 29 ef a5 31 6a 8a 9b aa fc 76 28 dc aa fa 11 e5 39 2c ac ab 91 ab 8a da 94 aa b7 80 b7 51 87 d0 3e eb a9 e0 b4 fc c7 08 8a a2 25 8d ea d2 5a 39 d2 58 d1 c5 b9 56 38 c4 45 90 59 7b ed d4 4b 4c 39 21 6d 36 db ca 6f 95 73 ee f1 6f 3d f7 48 e1 ab 1e b1 38 86 b4 b6 ad 5e a7 ec 82 2a db e6 85 d3 1f ec c8 7f 17 76 96 3e d3 e3 55 ba eb 93 2e de eb e7 a3 fd e2 ef f4 14 fc 77 17 7e 56 ab 9e c6 d2 c5 db 83 73 f3 4d d3 ae 36 d1 2e f3 a4 25 99 d6 f8 34 a5 1e 81 c4 9c e8 cf a7 38 f7 45 1a bb 5e 84 d4 cd d0 67 41 7a 49 17 4b f6 70 41 af 54 1d a7 d0 a7 a7 da 1a 9d 96 97 75 e4 03 d0 94 20 a8 67 e5 0b 63 6e 5c 88 37 9a 4c 31 5c 9e 01 e6 c7 f6 89 74 5c 35 f9 8a 7d 5d e4 be d7 87 2f b6 42 12 82 85 25 49 4e 06 9c 70 3a bb c3 2b 8d 13 22 62 39 39 13 5a 6e 32 4d 22 b5 c1 46 15 8f 45 00 18 ad b4 bd b8 b4 10 ef ab 36 cf fc a2 fd ad 33 37 f0 2a bd 3b 10 e7 e5 0c bd 99 68 dc b5 c9 54 54 54 af 03 22 b1 94 3c e6 75 2c 7a 52 9e 1c 3d a4 c5 9a ba 98 db b2 6e a5 4a 2a 79 64 4d 4b e9 40 8b 6e ca bf 26 9d c2 ea a2 a0 80 30 12 a0 8d 69 fd 49 24 e3 df 0a e5 5d 4b c6 07 50 b7 4f 7c 97 19 88 c9 85 00 0f 00 0c 4c 00 01 f6 af 5b 99 ba 2f a1 4a a7 82 f3 52 8a f0 72 cd a7 ef bc 4f d6 91 db ce e5 fc a3 41 6d 8d 22 8b 5b bb 99 3b bc ee 9a 6d 0d ec 59 ec 12 e6 32 95 69 9b 72 60 e1 b9 bc bd 2e 0f 67 9b 1c e9 fd 49 1f b4 41 76 87 2d 49 10 b3 62 a8 d2 e5 8d 7b 9b 0d b4 5c 13 14 9b 2d c4 4b 28 a1 f9 f7 13 2a 14 3a 84 a8 15 39 8f d2 9c 45 3b 74 28 f9 77 ec 31 bb 54 2c 70 ed ca ec 62 f6 27 61 d3 ea eb 7e b9 53 68 3f 2d 2a bd d4 ab 0a 19 41 74 0d 4a 52 87 7d 20 8c 08 bf 75 ab 56 e1 8d d8 57 64 a3 47 e6 45 ec 19 4c bb 45 9d c9 40 dd 63 1a 30 34 e3 d1 8e 90 8f 2b fc 9a 4d 29 c7 60 2b b6 bb 0e 9f 44 9a 62 af 4c 68 33 23 3a a5 36 fb 09 e0 84 3c 06 a0 52 3b 05 8c f0 f6 43 db 55 52 bb 2d 76 e6 6a f5 44 d8 f0 f6 ed 95 35 76 ad 7e 62 b3 b1 99 e7 26 55 ae 66 56 52 6a 55 c5 9e aa dd b6 74 93 ed d0 44 52 9e 24 65 4e 13 8c a0 c2 9a a3 a9 46 aa bc a2 29 91 fa 3f ff 00 39 3f fd 0b 9f dc 6e 2f de 7d b4 fb 16 58 3d e5 fa 0e 39 84 06 a8 78 00 a5 bb 6d 96 2e 29 49 69 29 83 f6 56 e6 9a 98 7d 1e ba 1a cf 27 ea 38 cf b2 25 82 65 8d 72 9e 0a f5 54 e9 2a 22 2f 19 43 0f
Data Ascii: JFIFHHC""""""""""C ! !!! !!!!!!!!"""""""""""""""0>!"1A2QRaqr#$Bb6tDT,!1AQ"3aq#2?|(xPY"(xhu:R3}b$%{C<eNFVGrTR|GWj7RSXfOP3J)1jv(9,Q>%Z9XV8EY{KL9!m6oso=H8^*v>U.w~VsM6.%48E^gAzIKpATu gcn\7L1\t\5}]/B%INp:+"b99Zn2M"FE637*;hTTT"<u,zR=nJ*ydMK@n&0iI$]KPO|L[/JRrOAm"[;mY2ir`.gIAv-Ib{\-K(*:9E;t(w1T,pb'a~Sh?-*AtJR} uVWdGELE@c04+M)`+DbLh3#:6<R;CUR-vjD5v~b&UfVRjUtDR$eNF)?9?n/}X=9xm.)Ii)V}'8%erT*"/C
206
Nov 22, 2017 13:36:33.222592115 MEZ4919580192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
208
Nov 22, 2017 13:36:33.243710041 MEZ4919780192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/LEdxGgtB9cN_002.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
208
Nov 22, 2017 13:36:33.302333117 MEZ804919994.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:31 GMT
Content-Type: image/jpeg
Content-Length: 2449
Connection: keep-alive
Last-Modified: Tue, 01 Nov 2011 19:59:10 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 07 04 04 04 05 04 07 05 05 07 0a 07 05 07 0a 0c 09 07 07 09 0c 0d 0b 0b 0c 0b 0b 0d 11 0d 0d 0d 0d 0d 0d 11 0d 0f 10 11 10 0f 0d 14 14 16 16 14 14 1e 1d 1d 1d 1e 22 22 22 22 22 22 22 22 22 22 ff db 00 43 01 08 07 07 0d 0c 0d 18 10 10 18 1a 15 11 15 1a 20 20 20 20 20 20 20 20 20 20 20 20 20 21 20 20 20 20 20 20 21 21 21 20 20 20 21 21 21 21 21 21 21 21 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 ff c0 00 11 08 00 30 00 84 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 03 04 05 06 07 02 08 ff c4 00 44 10 00 01 03 03 02 02 05 06 0a 06 0b 00 00 00 00 00 01 02 03 04 00 05 11 06 12 07 21 13 22 31 41 81 14 32 51 52 61 71 08 15 23 33 35 72 73 91 a1 b2 16 25 42 43 82 b1 24 34 37 53 63 84 b4 c1 d1 e1 f1 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 04 05 01 02 03 06 07 ff c4 00 35 11 00 01 03 02 04 02 06 0a 01 05 00 00 00 00 00 00 00 01 02 03 04 11 05 12 21 31 13 41 23 32 51 71 81 f0 06 14 22 34 61 72 91 a1 b1 c1 d1 42 43 52 c2 e1 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fa 46 80 28 0c 5e b0 e2 9c 6b 55 cc 58 2c 71 8d d7 50 ab 91 61 07 0d b4 7f c4 50 cf 3f 60 f1 c5 4c 86 8a ed e2 3d 72 b3 f3 dc 41 9e ba cf e1 b1 33 49 f8 ef 1a 66 cf c5 fb 92 3a 69 97 a6 2d 9b b9 f9 3c 68 e8 56 df 66 e7 37 9a c2 cb 02 6c cb f7 af f0 67 81 3b ba cf b7 72 7f 24 0b c3 7c 6c d3 cc 99 91 67 b1 7b 8c df 59 6c ad 84 25 cc 7b 91 b0 9f 03 5d a2 75 2c 9a 39 aa cf 8d f4 38 ca ca b8 d2 ed 72 3f e0 a9 a9 69 c3 3e 26 b9 ac 12 f3 32 20 2e 2c b8 e3 e5 1c 4f 59 85 7b 01 38 50 57 b0 fd f5 ce ba 8d 20 5d 1d 7b fd 4e b4 15 ab 3a 6a db 5b e8 6d 2a 11 38 28 02 80 28 02 80 28 03 22 80 62 65 c6 df 09 29 54 c9 0d c7 4a ce 12 5d 5a 50 09 f4 0d d8 ac 2a a2 1a be 46 b7 75 b1 ed 72 63 a3 6e f7 12 9d de 6e 48 19 ac 9b 1e c1 0a 00 83 90 7b 0d 00 b4 01 40 67 78 93 aa 17 a6 b4 7c cb 93 3c a5 e0 33 17 3f de ba 76 a4 ff 00 0f 35 78 54 9a 28 38 b2 a3 79 11 6b ea 38 51 2b b9 99 0e 00 69 d6 be 2c 93 a8 e4 fc a4 d9 4e a9 28 75 7c d5 80 7a c7 3e 95 2b 39 a9 58 c4 b7 93 27 26 a1 13 05 86 d1 67 fe a7 a9 d4 6a b0 b5 11 69 0b 41 49 ec 23 06 80 87 67 b1 da ac d1 3c 92 da c2 58 63 39 da 9f 49 ad 9c f5 72 dd 75 53 56 31 1a 96 4d 10 92 65 45 0e f4 45 d4 07 7d 4d c3 77 dd db 5a dc df 2a ee 2f 4c cf ae 9f bc 52 e2 c1 d3 33 eb a7 ef 14 b8 b0 8c c8 8e f0 25 97 12 e0 1d bb 48 3f ca 97 0a d5 4d c5 71 f6 1b f9 c5 a5 1f 58 81 5a 3e 66 37 ac a8 81 1a ab b1 e9 2b 42 c6 e4 10 a1 e9 15 b2 39 17 54 30 61 75 fe 82 ba 5f 75 5d aa ef 0e e7 e4 a9 89 b4 16 4a 88 20 a5 7b b7 37 83 da ae c3 53 a9 ab 12 38 dc dc b7 b9 02 aa 89 64 95 af cd 6c bc 86 78 de 3f 55 5b 73 cc f4 ea fc 95 4f 59 b2 11 71 de ab 7e 63 67 6e 8d 1e 45 a2 20 7d 01 c1 d0 a3 ce e7 dc 3f e2 a5 97 28 4d 4a 42 52 12 9e 49 1c 80 a0 16 80 28 0e 77 f0 85 69 d5 e8 86 56 9f 31 b9 ad 97 3d c5 0b 48 fc 4d 59 e0 cb d3 78 15 58 e2 74 1e 23 bc 03 9e cc 8d 0a 23 a4 fc ac 57 dc 43 83 eb 1d e3 f0 55 69 8b 33 2c eb f1 37 c1 e4 cd 4e 9f 0b 9b fa af 2c 86 65 4e 85 10 03 29 f6 d9 0a f3 4b 8a 08 cf bb 38 ac a3 55 76 35 73 d1 37 d0 6d ab cd a1 d7 12 d3 53 18 5b 8a e4 94 25 c4 12 7d c0 1a ca c6 e4 e4 a6 12 56 af 34 38 ae b9 b3 5c ee fc 5c 9d 0e d4 76 dc b0 97 58 3b b6 1d cd 47 4a f0 15 dc 4e 39 55 64 ad 55 97 4d cf 6f 86 d4 32 2a 06 b9 fd 5b d9 7c 54 d3 e8 7e 25 5a dc 2b b3 ea f6 5b 83 77 8d 90 a7 dd 40 6d 2b d8 39 87 07 ec 39 f8 1e ea ed 14 e9 b3 b4 52 b7 11 c2 5e 9d 25 3a ab e3 5e 49 ad bf 94 2a 6f ba 92 ed af 2e 2b b1 69 08 c2 3d a5 1c e5 4c 29 d8 54 8f 4a d5 da 84 1e e4 f6 aa b4 7b d6 45 b3 76
Data Ascii: JFIFHHC""""""""""C ! !!! !!!!!!!!"""""""""""""""0D!"1A2QRaq#35rs%BC$47Sc5!1A#2Qq"4arBCR?F(^kUX,qPaP?`L=rA3If:i-<hVf7lg;r$|lg{Yl%{]u,98r?i>&2 .,OY{8PW ]{N:j[m*8((("be)TJ]ZP*FurcnnH{@gx|<3?v5xT(8yk8Q+i,N(u|z>+9X'&gjiAI#g<Xc9IruSV1MeEE}MwZ*/LR3%H?MqXZ>f7+B9T0au_u]J {7S8dlx?U[sOYq~cgnE }?(MJBRI(wiV1=HMYxXt##WCUi3,7N,eN)K8Uv5s7mS[%}V48\\vX;GJN9UdUMo2*[|T~%Z+[w@m+99R^%:^I*o.+i=L)TJ{Ev
210
Nov 22, 2017 13:36:33.302355051 MEZ804919994.46.14.103192.168.1.16Data Raw: 25 53 52 32 89 bc 5a 85 bb f9 37 cf 3f b2 13 7e 0f 18 08 bb 01 c9 3b 9a e5 e0 6b 6a 2d 94 8f e9 4f 5d 9f 2a fe 4d 8c ed 31 6e 4c 87 1f 9d 70 52 37 92 a4 a7 29 04 67 eb 64 9a ab a9 c2 70 f6 2a be 75 d5 cb 7f 69 df 82 a2 3a a9 d7 46 72 ec 42 2d a2
Data Ascii: %SR2Z7?~;kj-O]*M1nLpR7)gdp*ui:FrB-H^;47T*`vh[\T|9z.28GGbyCe%y;omD~Z\*(z>%~4+@WX&XNG*RV+WFpW?
211
Nov 22, 2017 13:36:33.346402884 MEZ4921480192.168.1.1662.149.144.39GET /images/tip_balloon/t.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
212
Nov 22, 2017 13:36:33.346889019 MEZ4921580192.168.1.1662.149.144.39GET /images/tip_balloon/lt.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
212
Nov 22, 2017 13:36:33.407238960 MEZ804920194.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:32 GMT
Content-Type: image/jpeg
Content-Length: 5104
Connection: keep-alive
Last-Modified: Thu, 02 Oct 2014 07:03:16 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c0 00 00 00 32 08 06 00 00 00 0a 86 d4 15 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b 08 80 14 00 40 7a 8e 42 a6 00 40 46 01 80 9d 98 26 53 00 a0 04 00 60 cb 63 62 e3 00 50 2d 00 60 27 7f e6 d3 00 80 9d f8 99 7b 01 00 5b 94 21 15 01 a0 91 00 20 13 65 88 44 00 68 3b 00 ac cf 56 8a 45 00 58 30 00 14 66 4b c4 39 00 d8 2d 00 30 49 57 66 48 00 b0 b7 00 c0 ce 10 0b b2 00 08 0c 00 30 51 88 85 29 00 04 7b 00 60 c8 23 23 78 00 84 99 00 14 46 f2 57 3c f1 2b ae 10 e7 2a 00 00 78 99 b2 3c b9 24 39 45 81 5b 08 2d 71 07 57 57 2e 1e 28 ce 49 17 2b 14 36 61 02 61 9a 40 2e c2 79 99 19 32 81 34 0f e0 f3 cc 00 00 a0 91 15 11 e0 83 f3 fd 78 ce 0e ae ce ce 36 8e b6 0e 5f 2d ea bf 06 ff 22 62 62 e3 fe e5 cf ab 70 40 00 00 e1 74 7e d1 fe 2c 2f b3 1a 80 3b 06 80 6d fe a2 25 ee 04 68 5e 0b a0 75 f7 8b 66 b2 0f 40 b5 00 a0 e9 da 57 f3 70 f8 7e 3c 3c 45 a1 90 b9 d9 d9 e5 e4 e4 d8 4a c4 42 5b 61 ca 57 7d fe 67 c2 5f c0 57 fd 6c f9 7e 3c fc f7 f5 e0 be e2 24 81 32 5d 81 47 04 f8 e0 c2 cc f4 4c a5 1c cf 92 09 84 62 dc e6 8f 47 fc b7 0b ff fc 1d d3 22 c4 49 62 b9 58 2a 14 e3 51 12 71 8e 44 9a 8c f3 32 a5 22 89 42 92 29 c5 25 d2 ff 64 e2 df 2c fb 03 3e df 35 00 b0 6a 3e 01 7b 91 2d a8 5d 63 03 f6 4b 27 10 58 74 c0 e2 f7 00 00 f2 bb 6f c1 d4 28 08 03 80 68 83 e1 cf 77 ff ef 3f fd 47 a0 25 00 80 66 49 92 71 00 00 5e 44 24 2e 54 ca b3 3f c7 08 00 00 44 a0 81 2a b0 41 1b f4 c1 18 2c c0 06 1c c1 05 dc c1 0b fc 60 36 84 42 24 c4 c2 42 10 42 0a 64 80 1c 72 60 29 ac 82 42 28 86 cd b0 1d 2a 60 2f d4 40 1d 34 c0 51 68 86 93 70 0e 2e c2 55 b8 0e 3d 70 0f fa 61 08 9e c1 28 bc 81 09 04 41 c8 08 13 61 21 da 88 01 62 8a 58 23 8e 08 17 99 85 f8 21 c1 48 04 12 8b 24 20 c9 88 14 51 22 4b 91 35 48 31 52 8a 54 20 55 48 1d f2 3d 72 02 39 87 5c 46 ba 91 3b c8 00 32 82 fc 86 bc 47 31 94 81 b2 51 3d d4 0c b5 43 b9 a8 37 1a 84 46 a2 0b d0 64 74 31 9a 8f 16 a0 9b d0 72 b4 1a 3d 8c 36 a1 e7 d0 ab 68 0f da 8f 3e 43 c7 30 c0 e8 18 07 33 c4 6c 30 2e c6 c3 42 b1 38 2c 09 93 63 cb b1 22 ac 0c ab c6 1a b0 56 ac 03 bb 89 f5 63 cf b1 77 04 12 81 45 c0 09 36 04 77 42 20 61 1e 41 48 58 4c 58 4e d8 48 a8 20 1c 24 34 11 da 09 37 09 03 84 51 c2 27 22 93 a8 4b b4 26 ba 11 f9 c4 18 62 32 31 87 58 48 2c 23 d6 12 8f 13 2f 10 7b 88 43 c4 37 24 12 89 43 32 27 b9 90 02 49 b1 a4 54 d2 12 d2 46 d2 6e 52 23 e9 2c a9 9b 34 48 1a 23 93 c9 da 64 6b b2 07 39 94 2c 20 2b c8 85 e4 9d e4 c3 e4 33 e4 1b e4 21 f2 5b 0a 9d 62 40 71 a4 f8 53 e2 28 52 ca 6a 4a 19 e5 10 e5 34 e5 06 65 98 32 41 55 a3 9a 52 dd a8 a1 54 11 35 8f 5a 42 ad a1 b6 52 af 51 87 a8 13 34 75 9a 39 cd 83 16 49 4b a5 ad a2 95 d3 1a 68 17 68 f7 69 af e8 74 ba 11 dd 95 1e 4e 97 d0 57 d2 cb e9 47 e8 97 e8 03 f4 77 0c 0d 86 15 83 c7 88 67 28 19 9b 18 07 18 67 19 77 18 af 98 4c a6 19 d3 8b 19 c7 54 30 37 31 eb 98 e7 99 0f 99 6f 55 58 2a b6 2a 7c 15 91 ca 0a 95 4a 95 26 95 1b 2a 2f 54 a9 aa a6 aa de aa 0b 55 f3 55 cb 54 8f a9 5e 53 7d ae 46 55 33 53 e3 a9
Data Ascii: PNGIHDR2pHYsOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BBdr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|J&*/TUUT^S}FU3S
214
Nov 22, 2017 13:36:33.407258034 MEZ804920194.46.14.103192.168.1.16Data Raw: 09 d4 96 ab 55 aa 9d 50 eb 53 1b 53 67 a9 3b a8 87 aa 67 a8 6f 54 3f a4 7e 59 fd 89 06 59 c3 4c c3 4f 43 a4 51 a0 b1 5f e3 bc c6 20 0b 63 19 b3 78 2c 21 6b 0d ab 86 75 81 35 c4 26 b1 cd d9 7c 76 2a bb 98 fd 1d bb 8b 3d aa a9 a1 39 43 33 4a 33 57
Data Ascii: UPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSSM=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa
215
Nov 22, 2017 13:36:33.407269001 MEZ804920194.46.14.103192.168.1.16Data Raw: fd ea c0 eb 19 af db c6 c2 c6 1e be c9 78 33 31 5e f4 56 fb ed c1 77 dc 77 1d ef a3 df 0f 4f e4 7c 20 7f 28 ff 68 f9 b1 f5 53 d0 a7 fb 93 19 93 93 ff 04 03 98 f3 fc 63 33 2d db 00 00 00 20 63 48 52 4d 00 00 7a 25 00 00 80 83 00 00 f9 ff 00 00 80
Data Ascii: x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATx][lWNzBE2KaCEFRW!5RV JTjLUmRV)"N%7I=}x|r<>31}>i99Epp+
216
Nov 22, 2017 13:36:33.493779898 MEZ804920194.46.14.103192.168.1.16Data Raw: 45 4f 30 4c 90 20 c8 73 82 12 0e 81 5e 7d ae 09 3f f6 fe 11 fb 3a 1a 32 94 1f 00 2a 2b 2c d8 bd d1 8e 1f 5f ef 80 7b 6b 93 b9 e6 fb c9 3f bc 9e 67 bc ec 50 5c fb 34 2a bf 84 20 80 6e 22 1c f2 72 75 2a 51 02 ec 77 36 e2 fd bf 38 50 53 99 52 fc e9
Data Ascii: EO0L s^}?:2*+,_{k?gP\4* n"ru*Qw68PSR1x)nG2.u4660J_/DLs,v<^\#_<z;oN.VX_llmI^.BA}<)MIy1t_WyX8wO.LS@Yr@
218
Nov 22, 2017 13:36:33.493794918 MEZ804920194.46.14.103192.168.1.16Data Raw: b7 ef 3d 34 62 a9 42 21 21 ad 0b f1 13 56 d7 2d 7a 88 10 a5 9a e3 12 07 86 b6 eb 2b d7 f4 7e bf a2 2d a9 5e 4d ee 44 93 c2 31 ad e1 4f 48 71 8f 8b 08 e9 a4 c9 23 96 b0 43 da 1c e4 55 dc fb 83 28 2b 48 29 20 b8 28 7d d1 4d 09 53 cc 92 cb 62 18 ba
Data Ascii: =4bB!!V-z+~-^MD1OHq#CU(+H) (}MSbv(\P{cB^`RTOA8V^"&f}>`zg.Zya]<Hjd|OxDrYH@Wzb$W<HG(K,Z@|3Qr
218
Nov 22, 2017 13:36:33.501605988 MEZ804920094.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:32 GMT
Content-Type: image/jpeg
Content-Length: 1693
Connection: keep-alive
Last-Modified: Tue, 01 Nov 2011 19:59:10 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 07 04 04 04 05 04 07 05 05 07 0a 07 05 07 0a 0c 09 07 07 09 0c 0d 0b 0b 0c 0b 0b 0d 11 0d 0d 0d 0d 0d 0d 11 0d 0f 10 11 10 0f 0d 14 14 16 16 14 14 1e 1d 1d 1d 1e 22 22 22 22 22 22 22 22 22 22 ff db 00 43 01 08 07 07 0d 0c 0d 18 10 10 18 1a 15 11 15 1a 20 20 20 20 20 20 20 20 20 20 20 20 20 21 20 20 20 20 20 20 21 21 21 20 20 20 21 21 21 21 21 21 21 21 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 ff c0 00 11 08 00 30 00 84 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 02 02 03 01 00 00 00 00 00 00 00 00 00 00 00 03 05 06 07 01 02 04 08 ff c4 00 34 10 00 00 04 05 02 03 06 06 01 05 01 00 00 00 00 00 01 02 03 04 00 05 06 11 12 07 13 14 21 31 15 22 23 32 41 51 08 16 42 61 71 81 62 17 25 33 52 82 a1 ff c4 00 14 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff c4 00 14 11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fa 46 01 00 80 40 20 10 08 04 02 01 00 80 40 20 10 08 04 02 01 01 1f 10 df 7b 63 70 bb d6 be dd c3 2b 7e 3a c0 49 00 80 40 20 10 08 04 02 01 00 80 40 20 10 08 04 06 0d af d5 84 da 91 d2 99 b4 e2 50 6d b9 90 02 68 20 b7 aa 62 ba a5 4c 54 0f e4 52 98 44 bf 78 0d 3e 1a 0b 27 36 99 7c cd 8b f1 aa 85 a7 69 76 ef 14 6b f1 1b 7b de 5b 79 32 e5 97 9b d7 28 0a c9 96 ae 6a 7c e6 9a d3 55 10 38 ac b2 b3 00 4d 51 15 f6 41 fb c6 6f 08 54 52 71 cc 3b 98 ed 89 8c 3c 84 c2 23 e9 c8 32 35 2a 6a f9 87 c4 3c fd 49 04 9d b3 da 91 d4 91 98 b9 41 77 05 49 b3 7b 22 dc ea 98 54 b8 66 00 a0 81 0b 63 05 ef d6 02 fc bf 14 89 0e 94 b6 aa fb 28 06 a0 76 fc d2 94 65 a0 af 85 c4 10 a0 71 39 94 1b 09 49 81 ca 36 10 bd c6 dd 3b d0 13 53 5f 10 b3 d5 4b 52 ca aa 29 63 34 2a 49 1c a5 c4 e1 b7 04 e4 1c 34 70 44 12 cf 0c c8 65 2c 37 10 bd 8c 3e bd 2d 01 6f a3 1a a9 5e d7 ea 16 63 30 90 a1 2e a5 d5 6c 63 37 7c 57 00 75 14 70 9a 80 99 8a 09 5f 30 20 8e 56 11 2f d3 d6 02 2d 54 d6 c9 c5 3d 58 b5 a2 e9 46 0d 5e cf 55 43 8b 72 b4 c1 c1 5b 36 45 3e 78 97 23 19 30 13 98 0b 7f 37 b7 5b f2 0a 37 9f 14 6e 0b a5 ed aa e6 d2 82 0c d0 b3 82 c9 a6 52 d1 54 4c 52 98 51 51 6c d2 39 43 bd 90 10 2d fb eb d6 03 82 6b de ac 05 5a bd 16 ad 26 cc 6a 75 11 07 2c d3 2b e0 d8 4d 2c 73 36 fa 83 dd 11 28 77 79 18 bd e8 0b 6a 7f 5e 2a 1a 83 49 d6 ab 65 14 f7 11 3d 6e f4 d2 f7 0c 01 60 22 09 9c a0 53 99 65 15 3e 16 4c 08 a0 7e f9 7d e0 2a e9 bd 72 9a 55 28 d5 f4 95 47 2f 62 67 d2 d9 2b b7 a2 bc ad d0 2e d1 64 8a 98 14 e9 ee 14 ca 58 de 31 42 e0 61 b7 3e 82 10 18 3a 6e 98 b8 a6 74 41 46 0d 78 36 87 9f af b6 df 70 ca e3 69 a9 00 7b e6 e6 37 1b 8c 06 65 3a f8 93 aa cb 58 cd 65 12 59 54 b4 ed a5 2f 45 90 b3 7c f4 1a 3f 74 24 38 26 26 40 aa 09 09 cc 6e 21 c8 79 40 6e e6 6b 9d 76 89 2e 74 8c 81 d4 21 4e 64 4f 88 98 82 60 b8 94 d8 89 8b 70 e8 36 11 08 09 60 10 18 be ab d2 2d ea ea 06 65 21 71 70 23 82 94 73 20 5c c5 32 67 03 94 e0 1f c4 4b 78 0d 37 f2 ef c4 0f c8 9f 25 76 f4 9f e5 ed 9e 0b 8a f1 78 ee 12 d8 ec db 6f fd 3b 9f 8f ab d6 03 d5 55 e8 ac d9 8d 1d 42 21 4c 9d b0 bf 90 3b 33 9f ee 19 26 92 c2 65 48 b6 4a 61 71 02 89 cb 7b 5f ca 3d 79 40 65 74 9e 9d 4d 47 59 66 55 3c f0 59 aa 83 a9 33 44 05 26 c7 54 6c e0 89 37 2a 82 5c 8a 5f 0a e4 36 3d eb da d0 1a ed 5d 04 a8 0f a4 e6 94 a8 e5 af 6a a3 50 2f 30 6c 60 13 9d b1 88 a3 74 53 db 54 4c 42 88 08 ed df ca 3f fb c8 2e 69 2d 21 a8 c8 95 54 e1 fa 52 16 4e 1e 49 1d b1 62 ce 52 90 ed 24 75 db 8a 62 a9 97 32 67 56 c6 1e a0 07 1e a3 cb d2 03 65 68 85 14 6a 5f 4f 25 4c 9e 6d 9e 68 8a 4a 11 65 92 31 cc 41 03 2c 63 06 39 01 7d 2d f4 c0 60 5a d5 a4 f3 89 c6 a8 b5 a9 e5 08 ca de 1c 5a 95
Data Ascii: JFIFHHC""""""""""C ! !!! !!!!!!!!"""""""""""""""04!1"#2AQBaqb%3R?F@ @ {cp+~:I@ @ Pmh bLTRDx>'6|ivk{[y2(j|U8MQAoTRq;<#25*j<IAwI{"Tfc(veq9I6;S_KR)c4*I4pDe,7>-o^c0.lc7|Wup_0 V/-T=XF^UCr[6E>x#07[7nRTLRQQl9C-kZ&ju,+M,s6(wyj^*Ie=n`"Se>L~}*rU(G/bg+.dX1Ba>:ntAFx6pi{7e:XeYT/E|?t$8&&@n!y@nkv.t!NdO`p6`-e!qp#s \2gKx7%vxo;UB!L;3&eHJaq{_=y@etMGYfU<Y3D&Tl7*\_6=]jP/0l`tSTLB?.i-!TRNIbR$ub2gVehj_O%LmhJe1A,c9}-`ZZ
220
Nov 22, 2017 13:36:33.501621008 MEZ804920094.46.14.103192.168.1.16Data Raw: 17 12 f9 de 7c 2a 98 e4 00 7b 92 c3 7e 7e e1 d3 ef 01 4e ff 00 44 aa 35 b4 85 9c 9c ae 25 9d ac 69 f2 2f dc a8 82 5c 32 00 44 db ac 9e d1 76 90 28 9c 4b 98 73 12 fe e0 33 c1 d3 03 7f 5f 42 a2 f0 3b 10 25 1c 37 0f 91 f7 77 73 eb 6c 6d 6f fa 80 d7
Data Ascii: |*{~~ND5%i/\2Dv(Ks3_B;%7wslmo&By<j/>eRbH[&@Mc`n_JYTLW,sZuBQR1<0r#,HjDi+fg7)Kp>c}VQ:;[s#mv&%n@en
220
Nov 22, 2017 13:36:33.908938885 MEZ4921880192.168.1.1662.149.144.39GET /images/tip_balloon/background.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
241
Nov 22, 2017 13:36:34.092449903 MEZ804919694.46.14.103192.168.1.16HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 22 Nov 2017 12:36:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Data Raw: 31 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 55 50 41 4e c3 30 10 bc e7 15 4b cf 90 2d a8 47 2b 52 69 52 51 29 94 0a a5 07 8e 6e bd 8d 2d 39 76 b1 37 54 fd 3d 76 8a 04 1c 67 76 76 66 76 c5 5d fd b6 ea 3e 76 0d bc 74 af 2d ec f6 cf ed 66 05 b3 07 c4 4d d3 ad 11 eb ae be 4d 9e ca 39 62 b3 9d 55 85 d0 3c d8 4a 68 92 2a 01 36 6c a9 5a cc 17 b0 f5 0c 6b 3f 3a 25 f0 46 16 02 27 91 38 78 75 cd 7b 8f d5 1f 4d 42 85 38 57 9d 26 08 f4 39 52 64 52 b0 7f 6f 01 cd 20 7b 8a 68 bd 54 c6 f5 4b 97 30 1b ef ca de 9c e0 22 23 b8 64 72 ca 26 e0 1d b0 36 11 22 85 2f 0a a5 c0 f3 e4 b9 54 ca e4 0d 69 ed f5 1e 24 fc 6b 57 50 08 3e 4c 46 e4 8e 89 61 0a 29 f9 a2 8d 25 e0 70 4d 91 c0 1e c6 48 20 1d 34 59 5c fb e3 38 90 e3 cc 6b e9 54 16 fe d6 fe 89 c5 e9 ca 74 57 fe 4e f1 0d 9c 5d 10 75 58 01 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 100UPAN0K-G+RiRQ)n-9v7T=vgvvfv]>vt-fMM9bU<Jh*6lZk?:%F'8xu{MB8W&9RdRo {hTK0"#dr&6"/Ti$kWP>LFa)%pMH 4Y\8kTtWN]uX0
242
Nov 22, 2017 13:36:34.092474937 MEZ804919794.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Data Raw: 32 32 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d5 7c 69 97 db 36 96 e8 f7 3e a7 ff 03 4b 93 2e 12 11 b5 94 e3 a4 63 a9 50 35 8e 63 67 3c e3 6d 6c 67 92 6e 49 ae 03 91 90 48 89 22 55 24 b5 95 a4 f9 ed ef 5e 2c 24 a8 c5 76 de f4 99 25 4b 09 c4 7a 37 dc 0d 20 af 2f 7e 7e fb ec e3 df de 3d b7 82 7c 16 dd fc f9 4f d7 e2 f7 3a e0 cc c7 a7 19 cf 19 34 e5 f3 06 bf 5f 84 4b 5a f3 92 38 e7 71 de c8 37 73 5e b3 d4 13 ad e5 7c 9d b7 70 68 d7 f2 02 96 66 3c a7 bf 7e 7c d1 f8 b1 76 73 9d 87 79 c4 6f 5e 30 8f 0f 93 64 6a 3d 4b 93 2c 6b fc 9c cc 58 18 5b af 79 96 b1 71 18 8f ad 80 47 73 9e 5e b7 64 ef eb 96 00 e0 7a 98 f8 9b 9b eb cc 4b c3 79 7e 63 f9 89 b7 98 c1 72 4d 5f 8e a6 96 3d 52 d3 36 bd 64 66 77 ad 70 e4 5c 3c 4d 53 b6 69 86 99 f8 25 95 27 3a 5a c4 5e 1e 26 b1 c3 c8 36 e5 f9 22 8d ad b7 c3 09 f7 f2 e6 3c 4d f2 04 91 6a e6 c9 87 3c 05 90 9a 1e 8b 22 e8 48 a9 dd 4b 44 27 4b 4c 32 b0 bb fb ee 9f ff e4 14 73 91 ed 92 a5 16 a3 67 67 72 87 aa cd a9 b1 1a 71 3d 3a ec b5 07 17 14 1e ba 7a 12 cb 77 38 d9 72 5a e7 5d c0 81 5f 50 2a 1e db dd 3d 8f 32 6e a9 ba f6 e5 25 fe 38 57 ad 36 91 c5 86 28 13 4e 1d 7e d3 de ed 1a 57 e4 db d7 2c 0f 9a a3 28 49 52 47 14 d9 30 83 b9 49 57 e1 cb bb fb 92 4a 25 ac 33 36 27 27 ea 4a 8a 71 77 44 b6 30 12 5b 92 91 05 8b db ba cd 26 79 90 26 2b 2b e6 2b eb 23 34 3f 4f 53 58 9c 74 91 2c 63 37 a0 79 10 66 cd 88 c7 e3 3c 70 43 8a bd c4 4a 4e 40 ba 23 e8 38 06 34 c7 d7 41 b7 5e 1f 13 58 60 6c 01 6b 71 08 09 7b e3 01 e5 92 0f 23 17 ab a0 c2 1d 8b 52 81 4f 08 dc 38 85 10 cc fc 9c 79 c1 11 52 aa fe 00 31 01 22 e0 2b 9e ce cd 18 46 39 4f 8f 27 14 d5 ff 08 42 01 71 4c 52 4d 68 6f 60 10 28 3c 26 d0 56 d2 16 a8 22 a4 46 53 2a d0 34 22 93 e6 7c 91 05 48 e8 bd 22 d7 e4 0c 72 7c c9 d3 cd 11 6e a2 f6 bf 8e 9a e0 b9 da 02 02 30 10 8a b1 42 53 60 88 bd 42 c0 32 04 31 08 eb 75 c4 32 44 2c 05 be 17 05 62 e3 5e 38 70 43 77 4c 88 c2 66 c4 60 77 68 49 c8 d3 05 3f 83 5d 96 cc f8 11 72 58 f9 3f 8d db 79 d4 04 36 15 34 4f a3 16 c6 3e 5f bf 1d 1d 61 a7 ea 0f 10 94 20 1b 52 d6 1d ed 10 b6 91 33 ba 6e 93 51 9d 8e 05 cc dd d1 35 14 24 b0 23 2d 6e 97 97 42 d8 46 03 8a da 49 83 a6 61 6c 5c 9d 01 30 62 59 fe 52 02 b3 db 39 bd b6 7b 35 30 eb 9c b6 db f8 8e 5c 50 50 5d 47 38 18 dd 0c 3c 24 16 23 ea 5d 5e 32 49 3e 41 77 4a 6b 5a 4f 4b b5 3b a8 dd 0a 44 b3 79 14 82 ea ad 91 4e 85 4d 63 3a 52 34 b8 b9 b9 11 24 b8 18 93 12 19 5c 03 38 09 25 68 61 e9 58 58 1e 4d b5 9b 2b 12 50 a1 5d 67 61 ec 04 ae 5f f6 e8 5d 0d 40 d9 06 34 b8 a1 ed db a0 33 6e 14 4a 58 a9 bb 2e b6 74 83 46 03 89 1b 20 71 47 a0 cb 81 a6 a3 5e 30 d0 00 04 5f 24 6b ca fd 85 77 2c d4 b2 ba 42 ad 8a 50 7f 49 aa 79 dd b6 c2 cc 8a 93 dc 62 56 d9 b5 2b 49 6e 08 0e 12 cd 95 4a eb 90 3a 80 cb 23 84 39 24 63 6a d2 45 a0 1f 20 f2 d7 23 50 66 01 12 40 cc 18 b0 ec ed 2a 7e 97 26 e0 02 e4 68 17 c4 26 41 92 a0 e0 93 ad 94 58 20 4f 17 34 a4 d8 e5 c2 2a 8e 29 77 a4 a6 83 26 80 44 da 85 ca d0 53 28 da ef 05 8d 2c 24 c8 6c 9e 6f 2c 86 34 b4 56 61 1e 00 de c0 90 30 0f 59 64 2d 59 b4 e0 76 61 67 c6 9f e5 c3 fb 70 1c e4 67 98 21 da fe 57 73 64 04 52 16 dc c0 9f 46 e3 ff 1e 53 f6 04 54 f1 9f ff 84 bc f9 99 e5 bc 19 27 2b a2 0b d4 70 d2 d4 10 5c 16 9b 1d d2 1c f3 fc 63 38 83 92 70 e8 32 1e 8d 9a 77 77 3f 3f ff 8f bb 3b 6a 3e ec 76 6d 35 ff 0b 35 9b c1 e2 21 e8 59 72 a6 be e2 6e 96 3c 47 8a 7c d1 ba d8 3f c1 04 d6 6c 91 e5 d6 90 5b a8 e5 b8 6f 81 9f 78 24 02 43 c1 06 70 2a 8f cc 5b 14 7a dc f5 a9 a7 1c 59 cd 76 f7 8a 94 6e 27 77 b4 36 1d 96 43 2f 2f 85 04 00 d1 b3 9c c5 1e c2 3c 2c 48 3e 6c b2 f9 3c da 38 17 a0 b5 d8 6e 27 16 f7 c1 fd 8e 3d 96 3b 87 6b 11 50 85 7b 5e ce 6c ae d2
Data Ascii: 227d|i6>K.cP5cg<mlgnIH"U$^,$v%Kz7 /~~=|O:4_KZ8q7s^|phf<~|vsyo^0dj=K,kX[yqGs^dzKy~crM_=R6dfwp\<MSi%':Z^&6"<Mj<"HKD'KL2sggrq=:zw8rZ]_P*=2n%8W6(N~W,(IRG0IWJ%36''JqwD0[&y&+++#4?OSXt,c7yf<pCJN@#84A^X`lkq{#RO8yR1"+F9O'BqLRMho`(<&V"FS*4"|H"r|n0BS`B21u2D,b^8pCwLf`whI?]rX?y64O>_a R3nQ5$#-nBFIal\0bYR9{50\PP]G8<$#]^2I>AwJkZOK;DyNMc:R4$\8%haXXM+P]ga_]@43nJX.tF qG^0_$kw,BPIybV+InJ:#9$cjE #Pf@*~&h&AX O4*)w&DS(,$lo,4Va0Yd-Yvagpg!WsdRFST'+p\c8p2ww??;j>vm55!Yrn<G|?l[ox$Cp*[zYvn'w6C//<,H>l<8n'=;kP{^l
244
Nov 22, 2017 13:36:34.213242054 MEZ804919594.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 15 Mar 2014 05:39:40 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Data Raw: 32 32 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d5 7c 69 97 db 36 96 e8 f7 3e a7 ff 03 4b 93 2e 12 11 b5 94 e3 a4 63 a9 50 35 8e 63 67 3c e3 6d 6c 67 92 6e 49 ae 03 91 90 48 89 22 55 24 b5 95 a4 f9 ed ef 5e 2c 24 a8 c5 76 de f4 99 25 4b 09 c4 7a 37 dc 0d 20 af 2f 7e 7e fb ec e3 df de 3d b7 82 7c 16 dd fc f9 4f d7 e2 f7 3a e0 cc c7 a7 19 cf 19 34 e5 f3 06 bf 5f 84 4b 5a f3 92 38 e7 71 de c8 37 73 5e b3 d4 13 ad e5 7c 9d b7 70 68 d7 f2 02 96 66 3c a7 bf 7e 7c d1 f8 b1 76 73 9d 87 79 c4 6f 5e 30 8f 0f 93 64 6a 3d 4b 93 2c 6b fc 9c cc 58 18 5b af 79 96 b1 71 18 8f ad 80 47 73 9e 5e b7 64 ef eb 96 00 e0 7a 98 f8 9b 9b eb cc 4b c3 79 7e 63 f9 89 b7 98 c1 72 4d 5f 8e a6 96 3d 52 d3 36 bd 64 66 77 ad 70 e4 5c 3c 4d 53 b6 69 86 99 f8 25 95 27 3a 5a c4 5e 1e 26 b1 c3 c8 36 e5 f9 22 8d ad b7 c3 09 f7 f2 e6 3c 4d f2 04 91 6a e6 c9 87 3c 05 90 9a 1e 8b 22 e8 48 a9 dd 4b 44 27 4b 4c 32 b0 bb fb ee 9f ff e4 14 73 91 ed 92 a5 16 a3 67 67 72 87 aa cd a9 b1 1a 71 3d 3a ec b5 07 17 14 1e ba 7a 12 cb 77 38 d9 72 5a e7 5d c0 81 5f 50 2a 1e db dd 3d 8f 32 6e a9 ba f6 e5 25 fe 38 57 ad 36 91 c5 86 28 13 4e 1d 7e d3 de ed 1a 57 e4 db d7 2c 0f 9a a3 28 49 52 47 14 d9 30 83 b9 49 57 e1 cb bb fb 92 4a 25 ac 33 36 27 27 ea 4a 8a 71 77 44 b6 30 12 5b 92 91 05 8b db ba cd 26 79 90 26 2b 2b e6 2b eb 23 34 3f 4f 53 58 9c 74 91 2c 63 37 a0 79 10 66 cd 88 c7 e3 3c 70 43 8a bd c4 4a 4e 40 ba 23 e8 38 06 34 c7 d7 41 b7 5e 1f 13 58 60 6c 01 6b 71 08 09 7b e3 01 e5 92 0f 23 17 ab a0 c2 1d 8b 52 81 4f 08 dc 38 85 10 cc fc 9c 79 c1 11 52 aa fe 00 31 01 22 e0 2b 9e ce cd 18 46 39 4f 8f 27 14 d5 ff 08 42 01 71 4c 52 4d 68 6f 60 10 28 3c 26 d0 56 d2 16 a8 22 a4 46 53 2a d0 34 22 93 e6 7c 91 05 48 e8 bd 22 d7 e4 0c 72 7c c9 d3 cd 11 6e a2 f6 bf 8e 9a e0 b9 da 02 02 30 10 8a b1 42 53 60 88 bd 42 c0 32 04 31 08 eb 75 c4 32 44 2c 05 be 17 05 62 e3 5e 38 70 43 77 4c 88 c2 66 c4 60 77 68 49 c8 d3 05 3f 83 5d 96 cc f8 11 72 58 f9 3f 8d db 79 d4 04 36 15 34 4f a3 16 c6 3e 5f bf 1d 1d 61 a7 ea 0f 10 94 20 1b 52 d6 1d ed 10 b6 91 33 ba 6e 93 51 9d 8e 05 cc dd d1 35 14 24 b0 23 2d 6e 97 97 42 d8 46 03 8a da 49 83 a6 61 6c 5c 9d 01 30 62 59 fe 52 02 b3 db 39 bd b6 7b 35 30 eb 9c b6 db f8 8e 5c 50 50 5d 47 38 18 dd 0c 3c 24 16 23 ea 5d 5e 32 49 3e 41 77 4a 6b 5a 4f 4b b5 3b a8 dd 0a 44 b3 79 14 82 ea ad 91 4e 85 4d 63 3a 52 34 b8 b9 b9 11 24 b8 18 93 12 19 5c 03 38 09 25 68 61 e9 58 58 1e 4d b5 9b 2b 12 50 a1 5d 67 61 ec 04 ae 5f f6 e8 5d 0d 40 d9 06 34 b8 a1 ed db a0 33 6e 14 4a 58 a9 bb 2e b6 74 83 46 03 89 1b 20 71 47 a0 cb 81 a6 a3 5e 30 d0 00 04 5f 24 6b ca fd 85 77 2c d4 b2 ba 42 ad 8a 50 7f 49 aa 79 dd b6 c2 cc 8a 93 dc 62 56 d9 b5 2b 49 6e 08 0e 12 cd 95 4a eb 90 3a 80 cb 23 84 39 24 63 6a d2 45 a0 1f 20 f2 d7 23 50 66 01 12 40 cc 18 b0 ec ed 2a 7e 97 26 e0 02 e4 68 17 c4 26 41 92 a0 e0 93 ad 94 58 20 4f 17 34 a4 d8 e5 c2 2a 8e 29 77 a4 a6 83 26 80 44 da 85 ca d0 53 28 da ef 05 8d 2c 24 c8 6c 9e 6f 2c 86 34 b4 56 61 1e 00 de c0 90 30 0f 59 64 2d 59 b4 e0 76 61 67 c6 9f e5 c3 fb 70 1c e4 67 98 21 da fe 57 73 64 04 52 16 dc c0 9f 46 e3 ff 1e 53 f6 04 54 f1 9f ff 84 bc f9 99 e5 bc 19 27 2b a2 0b d4 70 d2 d4 10 5c 16 9b 1d d2 1c f3 fc 63 38 83 92 70 e8 32 1e 8d 9a 77 77 3f 3f ff 8f bb 3b 6a 3e ec 76 6d 35 ff 0b 35 9b c1 e2 21 e8 59 72 a6 be e2 6e 96 3c 47 8a 7c d1 ba d8 3f c1 04 d6 6c 91 e5 d6 90 5b a8 e5 b8 6f 81 9f 78 24 02 43 c1 06 70 2a 8f cc 5b 14 7a dc f5 a9 a7 1c 59 cd 76 f7 8a 94 6e 27 77 b4 36 1d 96 43 2f 2f 85 04 00 d1 b3 9c c5 1e c2 3c 2c 48 3e 6c b2 f9 3c da 38 17 a0 b5 d8 6e 27 16 f7 c1 fd 8e 3d 96 3b 87 6b 11 50 85 7b 5e ce 6c ae d2
Data Ascii: 227d|i6>K.cP5cg<mlgnIH"U$^,$v%Kz7 /~~=|O:4_KZ8q7s^|phf<~|vsyo^0dj=K,kX[yqGs^dzKy~crM_=R6dfwp\<MSi%':Z^&6"<Mj<"HKD'KL2sggrq=:zw8rZ]_P*=2n%8W6(N~W,(IRG0IWJ%36''JqwD0[&y&+++#4?OSXt,c7yf<pCJN@#84A^X`lkq{#RO8yR1"+F9O'BqLRMho`(<&V"FS*4"|H"r|n0BS`B21u2D,b^8pCwLf`whI?]rX?y64O>_a R3nQ5$#-nBFIal\0bYR9{50\PP]G8<$#]^2I>AwJkZOK;DyNMc:R4$\8%haXXM+P]ga_]@43nJX.tF qG^0_$kw,BPIybV+InJ:#9$cjE #Pf@*~&h&AX O4*)w&DS(,$lo,4Va0Yd-Yvagpg!WsdRFST'+p\c8p2ww??;j>vm55!Yrn<G|?l[ox$Cp*[zYvn'w6C//<,H>l<8n'=;kP{^l
253
Nov 22, 2017 13:36:34.213269949 MEZ804919594.46.14.103192.168.1.16Data Raw: e5 4d 3f 04 dd cc 36 6f 18 18 62 7b 98 2c 62 bf 63 d7 9d a1 59 bf db 0d 9b b1 f8 b5 9d 5b 02 38 97 6e 75 41 5e 6b 54 b2 57 4d 63 d9 f5 21 70 b5 f4 79 81 83 7f fe 13 62 fa af 1f de be 11 1b 19 0b 04 ff d0 ed be 6b 7a f3 f6 02 c4 38 83 25 bc dc 2e
Data Ascii: M?6ob{,bcY[8nuA^kTWMc!pybkz8%.)I}k3;;|{O))"a(%!E3pFv3h{YW',LtEO}_P\QGY<=)I""N&^h6h
255
Nov 22, 2017 13:36:34.213277102 MEZ804919594.46.14.103192.168.1.16Data Raw: a6 46 50 50 c3 38 0c f0 aa fc 1f a5 9c 3f 14 12 2d 9f 2a 32 20 a3 68 f3 ec 0b 2a 59 f3 ee 6e 56 76 1b ba 1e d9 0e a1 ee c3 6b 3c 3c a4 5e 91 38 90 b9 1a 99 0f 92 3b e9 28 42 cc 72 96 e6 d9 6f 61 1e 90 cf b4 55 60 aa 95 d1 7a ad ab 72 57 15 d9 3b
Data Ascii: FPP8?-*2 h*YnVvk<<^8;(BroaU`zrW;}i`(Yvsuv2+l:MoJQ+2Xt~" 4*A"Gx"&n<V|wt;0[GEsM3rG"eT#PCT/5{
255
Nov 22, 2017 13:36:34.302373886 MEZ804919594.46.14.103192.168.1.16Data Raw: 72 e2 1a bc d7 f6 3b a6 57 dd f8 fa 50 7d 34 1e 75 63 79 b8 5a 6a 8f 58 30 1f a6 84 02 53 61 4c b9 14 2e 2b e0 28 7c 81 a3 c3 26 84 5b 65 67 c6 00 b5 84 1f b6 5d 77 46 2b 88 42 ac 8c 7a 58 4f 4d 39 19 82 ef 3a 15 19 13 df 88 d7 a8 a6 13 31 6a eb
Data Ascii: r;WP}4ucyZjX0SaL.+(|&[eg]wF+BzXOM9:1juOh@p+v_YhE}*t@>J6a8Oat[lFd%mlws~ttm;Q?+k0M"S.r:nv\d"p&f++^+g#
257
Nov 22, 2017 13:36:34.302390099 MEZ804919594.46.14.103192.168.1.16Data Raw: be 2f 52 2f 17 15 ff 13 7a 04 46 13 2d fb 11 52 36 18 d5 85 cd 0d ce 99 31 71 4f d2 d0 9a 87 74 3c af 4c aa d7 7c 8e 75 a5 f1 ae 80 e9 b8 81 b8 8f 41 ed 6d f3 80 e5 ef 45 97 ac 83 17 3c 8b a7 17 b8 c3 3b e0 9d 8b 9d 6e b6 7c 4c 17 d8 80 87 2e 95
Data Ascii: /R/zF-R61qOt<L|uAmE<;n|L.7 P/J'DIfJSWdOOa@^*x7ssw.K{I};Wcq23@$Nq/ %/)a^z|!y4&9-
259
Nov 22, 2017 13:36:34.302397013 MEZ804919594.46.14.103192.168.1.16Data Raw: 77 6d 8c 12 83 9a d5 47 db dd 88 5c 74 11 d1 cc a3 c5 38 8c b3 e2 5a f2 51 0b 6e 21 e3 0e be dc 2b a7 7a 35 7d 2e f7 05 80 26 7c f5 cb cb b2 db 2c 9c 71 bc e1 91 9d ac ec ad 06 e7 ea 61 2f e0 6d 3b ff 9d 58 87 6c e8 43 73 26 32 dd 52 b1 10 f9 55
Data Ascii: wmG\t8ZQn!+z5}.&|,qa/m;XlCs&2RU:#`v*$~KfBG[\.xo;z:W{a|Be/%VhF)z%L]7.Y!N'+0~?o$ST\]a)8E2P
259
Nov 22, 2017 13:36:34.309729099 MEZ804919594.46.14.103192.168.1.16Data Raw: bc 84 a7 24 96 df f4 e1 b8 36 97 47 c9 4f e3 e2 55 62 f1 42 77 b2 c8 ad 62 14 5e c0 2b 06 59 33 36 e5 78 91 c4 ca 78 2c de 52 38 ba 75 f2 c5 c9 ec ba fd 99 f9 f6 12 68 2f 60 60 6d 23 71 b8 c0 52 d0 89 af 43 70 2f 80 36 aa 41 78 37 2e 8c 8a 40 f7
Data Ascii: $6GOUbBwb^+Y36xx,R8uh/``m#qRCp/6Ax7.@c=-p@26eh()hmF7 ^st\Bckm6@zYf^FZ`[V{I|9vc[U<x`%{56o#
260
Nov 22, 2017 13:36:34.316970110 MEZ804919594.46.14.103192.168.1.16Data Raw: 2f 2e c0 21 c8 42 31 41 4c 05 b4 9a 65 56 03 55 12 38 8b e1 68 63 e1 c9 85 e4 9f bc a8 ce 53 fd 6d 0f 58 11 64 d5 0a 42 df e7 31 ea b1 30 5e 86 59 38 14 37 ec ec 85 50 4e cf 3e 7c 40 cd 2d 3e ce b0 0a a3 08 a4 40 dc 02 4f 66 dc 1a 82 9e 04 53 98
Data Ascii: /.!B1ALeVU8hcSmXdB10^Y87PN>|@->@OfS$0R.kV^[$C^Jpqh/w!r{QZ@lf|?1!PGhr-~`NYWhyQHYUoa"GIfTXx1
262
Nov 22, 2017 13:36:34.317001104 MEZ804919594.46.14.103192.168.1.16Data Raw: 7a 68 e1 69 1e c6 1e e8 55 43 38 b1 89 38 ad a9 ef 15 76 f0 13 16 bc 0b e1 76 94 a4 1d 40 b8 76 f3 e1 f9 b3 5f df bf fc f8 37 4b bf 34 60 bd 8b f0 f2 9e 95 a3 98 8b 4c c0 af ef 5f e1 56 00 85 01 a1 fd 26 59 58 2b e1 a7 40 29 05 ef 29 cb 56 49 0a
Data Ascii: zhiUC88vv@v_7K4`L_V&YX+@))VIK[eA,7o`ukX|'=YJAXZeh`U~W4!k=jTj?c^0
262
Nov 22, 2017 13:36:36.966417074 MEZ4919580192.168.1.1694.46.14.103GET /images/sprites/filetypes.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
282
Nov 22, 2017 13:36:37.395188093 MEZ4919780192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/YLogin.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
283
Nov 22, 2017 13:36:37.505554914 MEZ4922280192.168.1.1662.149.144.39GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: www.viewdocsonline.com
DNT: 1
Connection: Keep-Alive
284
Nov 22, 2017 13:36:37.912962914 MEZ804919794.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 02 Oct 2014 08:49:26 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Data Raw: 33 34 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a5 56 df 8f db 36 0c 7e ce 01 f7 3f 10 ea 5b 51 c7 b9 a6 bd b5 39 3b c0 b0 f6 9e 3a 60 0f db 80 3d 15 8a c4 d8 5a 65 c9 93 94 e4 ae c5 fe f7 92 b2 7d cd e1 72 d7 fd 70 10 c7 12 29 92 1f f9 91 4e d5 a6 ce ae ab 16 a5 5e 9f 9f 55 c9 24 8b eb 9f a5 93 0d c2 1f 7e 17 e0 9d ef a4 71 50 c0 07 df 18 57 95 83 06 a9 5a e3 3e 41 40 5b 8b d8 fa 90 d4 2e 81 51 de 09 68 03 6e 6b d1 a6 d4 af ca f2 70 38 cc f7 06 0f da ab e8 1d 9d c1 b9 f2 5d b9 95 7b 56 9e d3 4d 40 ba ed b1 16 a6 23 9f e5 4d 91 8d b0 83 0e 93 04 36 53 e0 5f 3b b3 af c5 4f de 25 74 a9 60 7d 01 6a 58 d5 22 e1 4d 2a 19 c6 15 a8 56 86 88 a9 fe ed d7 eb e2 4d 36 12 d3 ad c5 d1 43 56 54 31 b2 60 2e 77 c9 17 59 7a 01 5f ce cf 66 1b 1f 34 86 e2 60 74 6a 57 70 d1 df 5c f1 a6 54 9f 9a e0 77 4e 17 ca 5b 1f 56 f0 6c b9 7c fb f6 fa 9a 84 7f 9f 9f 49 3a 38 ed ab 4b bc c0 4b da 67 2f 85 46 e5 83 4c c6 bb 15 38 ef 70 d0 3f 72 fa 32 3b cd ba d2 9a 86 d4 14 81 c1 30 28 ce 66 70 a4 bb 7c 52 b7 2a b3 12 83 2d a7 32 6e bc be 85 bc 5d 8b a2 f3 9f 8b 5d 24 6c 11 2d aa b4 02 b6 74 25 60 d3 e4 d8 6b f1 6c 9b af 9c af 4d f8 76 df fa d0 01 55 a1 f5 ba 16 bd 8f 49 80 54 8c a9 16 b7 b2 f5 7e de b7 3d 1f 9a 55 da ec 41 59 19 63 2d 8e 20 0e b2 c1 96 71 3d 11 c4 c9 8e 22 1a 8c 08 d8 4b bb a3 a5 65 62 4d 2c 68 8d d6 98 eb 3f 1b ae ca 74 0d 48 4b 75 26 66 a1 69 5a 7a 7a f5 46 40 0c aa 16 bf 13 b3 3e 6e 8d c5 58 0e 11 fd d9 37 02 72 0d 6b 71 b1 7c 29 a0 5c 57 43 b2 c8 22 f3 5b 6e 88 0e 0a ad ed a5 d6 c6 35 64 4c e4 75 ec a5 ca eb 05 65 26 73 81 2c e4 94 24 ce e6 ba 4a 81 be 1a 72 05 6a 31 18 15 0f 51 0f 67 b6 44 4e 18 d3 4b a9 dd a0 12 b0 95 8a 00 ee 31 68 6a af 17 20 83 91 76 e4 68 f0 ae 59 33 18 f8 d1 da a9 ef 54 e4 d2 66 51 55 b2 41 fa 49 b9 bc 65 8e e5 64 3c 77 45 d5 0b fe 88 47 61 2f 1e 87 bd 38 82 cd 0f d9 d1 7a c0 74 12 04 44 f3 99 76 a9 e0 13 96 f3 b3 f7 34 36 ec ea 31 04 6c ef 98 12 01 9b 8f cc 51 5e dd 99 5b 4c a4 40 b6 25 ee c1 ff cf 71 fd 42 f5 3a 10 d0 7f 15 5a 3f 1e ba e3 ec c3 18 ef 54 4e 87 c9 64 a0 5c 3b 8e e6 64 ab dc a3 4c 40 fd 08 5f 4e 41 7a 9e 73 0d d2 69 98 d0 91 36 d5 5b 46 84 88 2e 9a 64 f6 c8 8d f8 9e 49 c2 18 8c 06 ea 30 e3 b6 34 dd b9 19 4f 26 63 42 50 8e 1d 50 66 1a 0d 3b a3 f4 84 ec b8 df c7 6c e5 57 07 24 0f 4c f1 29 61 71 b7 e9 4c fa 36 74 d8 ec d8 aa 55 49 03 25 fb e1 11 f4 9d 51 54 1a a7 f1 66 ae 1a f3 c4 2c 5a 66 3f c7 93 80 7c 3e f5 65 08 0f 07 cf 0f af 1f 0e 1e ed 0f ce 7a a9 ef cf 9e 4b 7a fd 7c 1f 57 96 fe 5f 6c c3 9c 9d 1d a3 9b cd fe a1 ef 72 ac 5e fe 17 f0 15 22 37 d4 ad 0c 08 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 347V6~?[Q9;:`=Ze}rp)N^U$~qPWZ>A@[.Qhnkp8]{VM@#M6S_;O%t`}jX"M*VM6CVT1`.wYz_f4`tjWp\TwN[Vl|I:8KKg/FL8p?r2;0(fp|R*-2n]]$l-t%`klMvUIT~=UAYc- q="KebM,h?tHKu&fiZzzF@>nX7rkq|)\WC"[n5dLue&s,$Jrj1QgDNK1hj vhY3TfQUAIed<wEGa/8ztDv461lQ^[L@%qB:Z?TNd\;dL@_NAzsi6[F.dI04O&cBPPf;lW$L)aqL6tUI%QTf,Zf?|>ezKz|W_lr^"70
287
Nov 22, 2017 13:36:37.925208092 MEZ4919780192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/View_files/download.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.dinartedamaso.com/R-viewdoc/Re-viewdoc/YLogin.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
287
Nov 22, 2017 13:36:39.311136007 MEZ804919794.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:38 GMT
Content-Type: image/jpeg
Content-Length: 8969
Connection: keep-alive
Last-Modified: Sat, 15 Mar 2014 08:17:30 GMT
Access-Control-Allow-Origin: *
X-Cache: MISS
X-Type: static
Accept-Ranges: bytes
Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 78 00 78 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 4b 00 a8 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 fd d0 f8 99 f1 43 45 f8 47 e1 93 ab 6b 97 46 de d5 a4 58 21 48 e3 69 67 bb 99 b8 48 61 8d 41 69 24 63 d1 54 13 80 4f 00 12 38 9b 7f 14 fc 59 f1 ca 2d d6 97 e1 ef 0a f8 2f 4f 93 98 c7 88 a7 96 f2 fd 94 e3 6b 34 16 e5 63 88 e3 f8 0c ac 41 eb d0 8a ab f0 6f 47 5f 8c 5f 12 b5 8f 88 ba 87 ef ac f4 bb eb ad 13 c2 76 ed f3 43 67 04 0e 61 b9 bc 41 ff 00 3d 67 95 64 5d dc 11 1a 22 e4 82 73 ea 5e 25 f1 25 8f 83 f4 1b dd 57 54 bb b5 d3 f4 dd 36 de 4b ab bb cb a9 96 1b 7b 48 63 52 cf 24 92 31 0a 88 aa 0b 33 31 00 05 24 9a 00 e0 bf b2 fe 31 7f d0 c1 f0 bf ff 00 09 db ff 00 fe 4c a3 fb 2f e3 17 fd 0c 1f 0b ff 00 f0 9d bf ff 00 e4 ca f9 2a e7 fe 0e 82 fd 88 ad 7c 5b 26 92 df 18 25 7f 25 cc 6d 7b 1f 85 75 79 2c f7 0e 0e 24 5b 52 4a e7 8d e1 4a 9e b9 c7 35 f6 b6 ab f1 b3 c2 7a 37 c1 bb af 88 93 78 83 47 6f 02 5a e8 8f e2 46 d7 e0 b9 59 b4 f9 34 c5 80 dc 9b c4 95 32 af 0f 90 3c c0 c9 90 57 91 91 cd 00 73 df d9 7f 18 bf e8 60 f8 5f ff 00 84 ed ff 00 ff 00 26 51 fd 97 f1 8b fe 86 0f 85 ff 00 f8 4e df ff 00 f2 65 79 97 ec 5d ff 00 05 82 fd 9c ff 00 e0 a1 df 10 f5 3f 09 fc 1d f8 8d 0f 8c 3c 45 a3 e9 c7 56 bb b1 fe c4 d4 b4 e9 23 b4 12 c7 13 4c 3e d7 6d 10 75 12 4b 1a 9d 84 90 5d 72 00 39 ac 9f da cf fe 0b 77 fb 2f 7e c3 3f 18 ee 3e 1f fc 53 f8 9d ff 00 08 bf 8b ad 2d 61 bd 96 c3 fe 11 ad 5e fb 6c 33 2e f8 9b cd b6 b5 92 23 b9 79 c0 62 47 43 83 40 1e c7 fd 97 f1 8b fe 86 0f 85 ff 00 f8 4e df ff 00 f2 65 1f d9 7f 18 bf e8 60 f8 5f ff 00 84 ed ff 00 ff 00 26 57 86 7c 0d ff 00 82 f3 7e c9 ff 00 b4 92 78 cd bc 15 f1 59 75 a5 f8 7b e1 7b cf 19 f8 80 9f 0c 6b 36 df d9 fa 4d a1 8d 6e 2e 7f 7d 66 9e 66 c3 34 63 cb 8f 74 87 77 ca a7 07 1c 2f fc 44 f5 fb 0c ff 00 d1 70 ff 00 cb 2f c4 3f fc 81
Data Ascii: JFIFxxCCK"}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?CEGkFX!HigHaAi$cTO8Y-/Ok4cAoG__vCgaA=gd]"s^%%WT6K{HcR$131$1L/*|[&%%m{uy,$[RJJ5z7xGoZFY42<Ws`_&QNey]?<EV#L>muK]r9w/~?>S-a^l3.#ybGC@Ne`_&W|~xYu{{k6Mn.}ff4ctw/Dp/?
400
Nov 22, 2017 13:36:40.246697903 MEZ4919980192.168.1.1694.46.14.103GET /R-viewdoc/Re-viewdoc/ALogin.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.dinartedamaso.com
DNT: 1
Connection: Keep-Alive
409
Nov 22, 2017 13:36:40.492746115 MEZ804919994.46.14.103192.168.1.16HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:36:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 02 Oct 2014 08:10:50 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Data Raw: 33 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 55 dd 6f db 36 10 7f 76 80 fc 0f 07 f6 6d 98 2c 27 e9 b2 d6 91 04 14 5b f3 b4 02 7b d8 06 ec a9 a0 c9 b3 c4 95 22 35 92 b6 93 0e fd df 7b 47 49 89 83 38 40 3b 1b fe 20 ef f3 77 f7 bb 53 d5 a5 de 36 55 87 52 37 e7 67 55 32 c9 62 f3 41 3a d9 22 fc ed 77 01 7e f5 bd 34 0e 0a f8 cd b7 c6 55 e5 a8 41 aa d6 b8 4f 10 d0 d6 22 76 3e 24 b5 4b 60 94 77 02 ba 80 db 5a 74 29 0d eb b2 3c 1c 0e cb bd c1 83 f6 2a 7a 47 36 b8 54 be 2f b7 72 cf ca 4b fa 12 90 ee 07 ac 85 e9 29 66 79 57 64 27 1c a0 c7 24 81 dd 14 f8 ef ce ec 6b f1 8b 77 09 5d 2a 58 5f 80 1a 4f b5 48 78 97 4a 86 71 03 aa 93 21 62 aa ff fc e3 b6 78 93 9d c4 74 6f 71 8a 90 15 55 8c 2c 58 ca 5d f2 45 96 5e c0 7f e7 67 8b 8d 0f 1a 43 71 30 3a 75 6b b8 18 ee 6e f8 52 aa 4f 6d f0 3b a7 0b e5 ad 0f 6b 78 75 75 f5 f6 ed ed 2d 09 bf 9c 9f 49 32 9c ef d5 35 5e e0 35 dd 73 94 42 a3 f2 41 26 e3 dd 1a 9c 77 38 ea 2f 16 70 14 f7 32 c7 a5 bb a7 a1 57 63 e8 05 3c 33 b8 ca 06 d9 bf b4 a6 25 d7 8a 0a 80 61 74 5e 95 59 89 41 97 73 3b 37 5e df 43 be ae 45 d1 fb cf c5 2e 52 a0 88 16 55 5a 03 7b ba 11 b0 69 33 86 5a bc da e6 57 ae db 26 3c 7e 6f 7d e8 81 ba d1 79 5d 8b c1 c7 24 40 2a c6 56 0b e9 ed 72 e8 06 36 59 54 da ec 41 59 19 23 dd 3f 26 9d 65 e3 ab 92 13 39 de 65 32 2d a9 69 c7 52 d3 b7 20 2d 75 54 3c 77 73 49 bc 42 d3 76 24 7d fd 46 40 0c aa 16 7f 11 af 3e 6e 8d c5 58 72 1e ff 0c ad 80 5c c4 5a 5c 5c 91 41 d9 54 a5 6c 26 10 c6 0d c4 50 27 7b 2a c5 98 bd 80 bd b4 3b 3a 5a 4e 66 a6 61 67 b4 c6 91 80 63 75 e9 1f 0f 86 dc 10 8f 14 5a 3b 48 ad 8d 6b 29 0f 91 cf 71 90 2a 9f 57 62 ea 24 85 cf f6 89 cb df 54 29 d0 47 43 6e 59 2d 46 a7 27 10 8e 36 5b 62 35 4c fd a0 5e 6c 50 09 d8 4a 45 89 ed 31 68 9a cb 1f 41 06 23 ed 44 ee e0 5d db 70 1d e0 9d b5 f3 c0 aa c8 5c c8 a2 aa 64 87 f4 93 32 1f ca 9c cb c9 7c 1e 58 a0 57 fc 16 2f c2 5e bd 0c 7b 75 04 9b ff e4 40 cd 88 e9 24 08 88 e6 33 dd 5e 8a 66 c6 72 7e f6 9e f6 8d 5d bf 84 80 fd 1d b7 32 60 fb 91 49 cd a7 07 77 2b 71 34 f1 e2 09 fa ff 9d d6 ef d4 ae 03 e1 fc ae cc 86 c9 e8 81 6a cf 53 7c 50 39 9d 26 73 81 4a ed 38 9b 93 c3 f5 84 31 01 f5 0b 74 39 05 e9 87 5c 6a 90 4e c3 8c 8e b4 a9 dd 32 22 44 74 d1 24 b3 47 9e 9f f7 cc 11 c6 60 34 d0 bc 1a b7 a5 a7 02 cf d0 c9 62 cc 08 ca 69 00 ca cc a2 f1 66 92 9e 90 1d 8f e9 54 ad bc 25 20 79 60 86 cf 05 8b bb 4d 6f d2 bc a4 be e5 c3 6e 1f 57 cb bc 46 7e fe e9 f9 1a d1 fe e0 ac 97 fa e9 2e b9 a6 47 c9 e8 87 21 4c 5b a1 2a 69 dd 65 4c bc 1e b3 8c 0f 13 aa fc 54 fd 0a 5e 10 2e f5 5c 07 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 339Uo6vm,'[{"5{GI8@; wS6UR7gU2bA:"w~4UAO"v>$K`wZt)<*zG6T/rK)fyWd'$kw]*X_OHxJq!bxtoqU,X]E^gCq0:uknROm;kxuu-I25^5sBA&w8/p2Wc<3%at^YAs;7^CE.RUZ{i3ZW&<~o}y]$@*Vr6YTAY#?&e9e2-iR -uT<wsIBv$}F@>nXr\Z\\ATl&P'{*;:ZNfagcuZ;Hk)q*Wb$T)GCnY-F'6[b5L^lPJE1hA#D]p\d2|XW/^{u@$3^fr~]2`Iw+q4jS|P9&sJ81t9\jN2"Dt$G`4bifT% y`MonWF~.G!L[*ieLT^.\0
410

HTTPS Packets

TimestampSource PortDest PortSource IPDest IPSubjectIssuerNot BeforeNot AfterRaw
Nov 22, 2017 13:36:34.395953894 MEZ44349216179.60.192.36192.168.1.16CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=USCN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=USFri Dec 09 01:00:00 CET 2016Thu Jan 25 13:00:00 CET 2018[[ Version: V3 Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun EC public key, 256 bits public x coord: 72796836896024250540670287871159592541946330786250779466423542213376197337834 public y coord: 73986592417019630365603572314878953642162012803095695018690968405918923912915 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Dec 09 01:00:00 CET 2016, To: Thu Jan 25 13:00:00 CET 2018] Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US SerialNumber: [ 0c0099b7 d789c9f6 6626317e bcea7c1c]Certificate Extensions: 10[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 82 02 A0 04 82 02 9C 02 9A 00 76 00 A4 B9 09 ...........v....0010: 90 B4 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 ...X......gp.<5.0020: 04 F9 1B DF B8 E3 77 CD 0E C8 0D DC 10 00 00 01 ......w.........0030: 58 E5 D3 62 04 00 00 04 03 00 47 30 45 02 21 00 X..b......G0E.!.0040: EF 58 5B 14 7A A5 84 FF 1C 08 61 C5 CF BD B6 F9 .X[.z.....a.....0050: 13 1C DF 1C 16 53 37 07 E7 51 FE 11 3C EF E5 06 .....S7..Q..<...0060: 02 20 74 E1 A6 AF 48 FB FA EF 3F 4B EE ED 7C 5C . t...H...?K...\0070: 3B D5 91 23 AA 9C 09 10 B9 7F B0 41 6E 41 D3 E7 ;..#.......AnA..0080: A7 04 01 2F 00 AC 3B 9A ED 7F A9 67 47 57 15 9E .../..;....gGW..0090: 6D 7D 57 56 72 F9 D9 81 00 94 1E 9B DE FF EC A1 m.WVr...........00A0: 31 3B 75 78 2D 00 00 01 58 E5 D3 62 28 00 00 04 1;ux-...X..b(...00B0: 01 01 00 62 F9 CC 57 E0 5F 3F 75 AB 93 8C 85 40 ...b..W._?u....@00C0: 4F D9 C7 95 AC 8D 26 9B 60 EA 4B 8F 54 E3 E7 11 O.....&.`.K.T...00D0: 5A A1 5A 07 74 6A 8B 09 FF C7 8B E5 6F D0 84 72 Z.Z.tj......o..r00E0: 78 F2 85 04 24 96 D3 ED DE 03 9F 3D F9 69 C2 0C x...$......=.i..00F0: CC 1C 26 50 58 79 95 7C 32 5B C7 15 98 37 6B AE ..&PXy..2[...7k.0100: 94 87 1F CE 02 FA 1E B5 BD 26 0A D5 29 9E 62 04 .........&..).b.0110: 53 02 D7 FD E3 0D 12 F8 E0 DA A4 C7 DF FD F7 CA S...............0120: C0 A8 DA 5D B9 FB F1 1C 47 CB A9 17 ED 8A 21 C9 ...]....G.....!.0130: A7 93 95 B0 68 9C DF AB B7 05 3D 07 38 0A F7 33 ....h.....=.8..30140: 99 31 DA B0 98 BF 8E 65 5A 21 A2 7D 1C 2E 74 83 .1.....eZ!....t.0150: 77 71 E7 CE 13 41 7D BA 94 32 DD 74 5F CB 8B 8B wq...A...2.t_...0160: 84 6C 9E D3 4A 8A 67 4F 38 D0 75 60 6D 59 B3 05 .l..J.gO8.u`mY..0170: 87 76 DC 7E 11 42 29 AA 8A DA 42 09 57 76 E0 BA .v...B)...B.Wv..0180: 9E 47 89 B1 27 67 62 CF 9B A9 5E 91 8D 3B D9 91 .G..'gb...^..;..0190: 42 18 CE 10 61 CE 2E 92 AC E8 BB 62 56 09 19 86 B...a......bV...01A0: A3 47 4C 1C 98 67 BD 05 E9 9C 84 06 C0 04 EA 08 .GL..g..........01B0: 3E 10 D4 00 76 00 56 14 06 9A 2F D7 C2 EC D3 F5 >...v.V.../.....01C0: E1 BD 44 B2 3E C7 46 76 B9 BC 99 11 5C C0 EF 94 ..D.>.Fv....\...01D0: 98 55 D6 89 D0 DD 00 00 01 58 E5 D3 62 B9 00 00 .U.......X..b...01E0: 04 03 00 47 30 45 02 20 1A 15 D7 6F 05 0E E5 B0 ...G0E. ...o....01F0: F8 4E CF D0 D2 0A 99 C1 44 B6 BE 5F C0 E0 77 A6 .N......D.._..w.0200: 93 BA 2F C6 5F 36 BF DA 02 21 00 9B B6 47 E5 0D ../._6...!...G..0210: 76 DC BA 76 38 30 04 02 6C A9 67 7A C3 C6 73 F9 v..v80..l.gz..s.0220: DF B4 0F 38 C4 38 49 A7 11 47 59 00 77 00 EE 4B ...8.8I..GY.w..K0230: BD B7 75 CE 60 BA E1 42 69 1F AB E1 9E 66 A3 0F ..u.`..Bi....f..0240: 7E 5F B0 72 D8 83 00 C4 7B 89 7A A8 FD CB 00 00 ._.r......z.....0250: 01 58 E5 D3 64 11 00 00 04 03 00 48 30 46 02 21 .X..d......H0F.!0260: 00 AB 9B 9E 04 28 6B 92 1A 93 C7 82 3A B7 DF 1F .....(k.....:...0270: B5 F1 DC 03 F5 34 C6 F9 A4 5C 37 E6 7B 76 55 27 .....4...\7..vU'0280: 91 02 21 00 E3 B2 AA D5 44 1C 0D 72 04 B1 5F 96 ..!.....D..r.._.0290: 9E E3 DD F4 B3 39 92 97 5E BB 4F 93 88 72 AD 4C .....9..^.O..r.L02A0: B4 50 AF 4B .P.K[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com, accessMethod: caIssuers accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt]][3]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..0010: B8 59 72 3B .Yr;]][4]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][5]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl3.digicert.com/sha2-ha-server-g5.crl], DistributionPoint: [URIName: http://crl4.digicert.com/sha2-ha-server-g5.crl]]][6]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.16.840.1.114412.1.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.2][] ]][7]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature][9]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: *.facebook.com DNSName: *.facebook.net DNSName: *.fb.com DNSName: *.fbcdn.net DNSName: *.fbsbx.com DNSName: *.m.facebook.com DNSName: *.messenger.com DNSName: *.xx.fbcdn.net DNSName: *.xy.fbcdn.net DNSName: *.xz.fbcdn.net DNSName: facebook.com DNSName: fb.com DNSName: messenger.com][10]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: CB 98 28 8C A1 72 E7 E2 32 A9 9A 3D F2 0D A1 81 ..(..r..2..=....0010: 56 A1 1A 8B V...]]] Algorithm: [SHA256withRSA] Signature:0000: 3A CD 4A CA 28 9D B8 F5 60 68 F0 CB DB 7D C0 FF :.J.(...`h......0010: 7E 91 90 70 AC D3 0E DA 7E 4D E5 F4 0D 84 66 B0 ...p.....M....f.0020: 90 40 17 FA 55 E5 CE 09 B7 4E A6 25 4C D8 BA B0 .@..U....N.%L...0030: 21 5B 3C 10 04 AE 29 B7 68 C5 65 5A E3 A5 72 D8 ![<...).h.eZ..r.0040: 27 8E D0 1D 99 D5 99 E2 A1 0E 36 B0 4B 1C F1 A0 '.........6.K...0050: BA 40 C9 DD 47 A7 FC 40 BF 83 02 BA 29 D0 42 6F .@..G..@....).Bo0060: 84 ED A7 A3 0C 3D 8D 5C 85 BF DC 89 32 E2 DD 05 .....=.\....2...0070: 14 53 88 78 38 95 AA 52 3B DC 70 10 83 B3 F2 F2 .S.x8..R;.p.....0080: 74 D8 CA 59 96 53 C4 B2 66 C5 14 A6 7E 9C 82 53 t..Y.S..f......S0090: 7B 94 D9 71 C7 30 D9 68 F1 44 C8 96 A6 6C 3A D7 ...q.0.h.D...l:.00A0: 6A 86 0E FF 43 F7 2F 30 31 C3 91 C2 3F B6 A7 A5 j...C./01...?...00B0: 9A 0D 0C 0F 61 FD 2A 97 26 02 F5 64 C2 08 E7 F8 ....a.*.&..d....00C0: 15 69 BF 91 C4 2E 5F B4 10 FD 14 85 89 27 23 50 .i...._......'#P00D0: 7A 2C 17 9C 26 E8 FB 8C 8D BA 79 76 5D 5F 7E 42 z,..&.....yv]_.B00E0: 62 4A 48 FD 26 40 F4 A2 BE 39 82 87 87 AB C2 C4 bJH.&@...9......00F0: AA A7 45 9F 59 41 43 A3 5E 72 16 29 07 95 E4 78 ..E.YAC.^r.)...x]
Nov 22, 2017 13:36:34.395953894 MEZ44349216179.60.192.36192.168.1.16CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=USCN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USTue Oct 22 14:00:00 CEST 2013Sun Oct 22 14:00:00 CEST 2028[[ Version: V3 Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 public exponent: 65537 Validity: [From: Tue Oct 22 14:00:00 CEST 2013, To: Sun Oct 22 14:00:00 CEST 2028] Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US SerialNumber: [ 04e1e7a4 dc5cf2f3 6dc02b42 b85d159f]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....0010: 63 64 2B C3 cd+.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS]] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..0010: B8 59 72 3B .Yr;]]] Algorithm: [SHA256withRSA] Signature:0000: 18 8A 95 89 03 E6 6D DF 5C FC 1D 68 EA 4A 8F 83 ......m.\..h.J..0010: D6 51 2F 8D 6B 44 16 9E AC 63 F5 D2 6E 6C 84 99 .Q/.kD...c..nl..0020: 8B AA 81 71 84 5B ED 34 4E B0 B7 79 92 29 CC 2D ...q.[.4N..y.).-0030: 80 6A F0 8E 20 E1 79 A4 FE 03 47 13 EA F5 86 CA .j.. .y...G.....0040: 59 71 7D F4 04 96 6B D3 59 58 3D FE D3 31 25 5C Yq....k.YX=..1%\0050: 18 38 84 A3 E6 9F 82 FD 8C 5B 98 31 4E CD 78 9E .8.......[.1N.x.0060: 1A FD 85 CB 49 AA F2 27 8B 99 72 FC 3E AA D5 41 ....I..'..r.>..A0070: 0B DA D5 36 A1 BF 1C 6E 47 49 7F 5E D9 48 7C 03 ...6...nGI.^.H..0080: D9 FD 8B 49 A0 98 26 42 40 EB D6 92 11 A4 64 0A ...I..&B@.....d.0090: 57 54 C4 F5 1D D6 02 5E 6B AC EE C4 80 9A 12 72 WT.....^k......r00A0: FA 56 93 D7 FF BF 30 85 06 30 BF 0B 7F 4E FF 57 .V....0..0...N.W00B0: 05 9D 24 ED 85 C3 2B FB A6 75 A8 AC 2D 16 EF 7D ..$...+..u..-...00C0: 79 27 B2 EB C2 9D 0B 07 EA AA 85 D3 01 A3 20 28 y'............ (00D0: 41 59 43 28 D2 81 E3 AA F6 EC 7B 3B 77 B6 40 62 AYC(.......;w.@b00E0: 80 05 41 45 01 EF 17 06 3E DE C0 33 9B 67 D3 61 ..AE....>..3.g.a00F0: 2E 72 87 E4 69 FC 12 00 57 40 1E 70 F5 1E C9 B4 .r..i...W@.p....]
Nov 22, 2017 13:36:34.534703970 MEZ44349217179.60.192.36192.168.1.16CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=USCN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=USFri Dec 09 01:00:00 CET 2016Thu Jan 25 13:00:00 CET 2018[[ Version: V3 Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun EC public key, 256 bits public x coord: 72796836896024250540670287871159592541946330786250779466423542213376197337834 public y coord: 73986592417019630365603572314878953642162012803095695018690968405918923912915 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) Validity: [From: Fri Dec 09 01:00:00 CET 2016, To: Thu Jan 25 13:00:00 CET 2018] Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US SerialNumber: [ 0c0099b7 d789c9f6 6626317e bcea7c1c]Certificate Extensions: 10[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 82 02 A0 04 82 02 9C 02 9A 00 76 00 A4 B9 09 ...........v....0010: 90 B4 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 ...X......gp.<5.0020: 04 F9 1B DF B8 E3 77 CD 0E C8 0D DC 10 00 00 01 ......w.........0030: 58 E5 D3 62 04 00 00 04 03 00 47 30 45 02 21 00 X..b......G0E.!.0040: EF 58 5B 14 7A A5 84 FF 1C 08 61 C5 CF BD B6 F9 .X[.z.....a.....0050: 13 1C DF 1C 16 53 37 07 E7 51 FE 11 3C EF E5 06 .....S7..Q..<...0060: 02 20 74 E1 A6 AF 48 FB FA EF 3F 4B EE ED 7C 5C . t...H...?K...\0070: 3B D5 91 23 AA 9C 09 10 B9 7F B0 41 6E 41 D3 E7 ;..#.......AnA..0080: A7 04 01 2F 00 AC 3B 9A ED 7F A9 67 47 57 15 9E .../..;....gGW..0090: 6D 7D 57 56 72 F9 D9 81 00 94 1E 9B DE FF EC A1 m.WVr...........00A0: 31 3B 75 78 2D 00 00 01 58 E5 D3 62 28 00 00 04 1;ux-...X..b(...00B0: 01 01 00 62 F9 CC 57 E0 5F 3F 75 AB 93 8C 85 40 ...b..W._?u....@00C0: 4F D9 C7 95 AC 8D 26 9B 60 EA 4B 8F 54 E3 E7 11 O.....&.`.K.T...00D0: 5A A1 5A 07 74 6A 8B 09 FF C7 8B E5 6F D0 84 72 Z.Z.tj......o..r00E0: 78 F2 85 04 24 96 D3 ED DE 03 9F 3D F9 69 C2 0C x...$......=.i..00F0: CC 1C 26 50 58 79 95 7C 32 5B C7 15 98 37 6B AE ..&PXy..2[...7k.0100: 94 87 1F CE 02 FA 1E B5 BD 26 0A D5 29 9E 62 04 .........&..).b.0110: 53 02 D7 FD E3 0D 12 F8 E0 DA A4 C7 DF FD F7 CA S...............0120: C0 A8 DA 5D B9 FB F1 1C 47 CB A9 17 ED 8A 21 C9 ...]....G.....!.0130: A7 93 95 B0 68 9C DF AB B7 05 3D 07 38 0A F7 33 ....h.....=.8..30140: 99 31 DA B0 98 BF 8E 65 5A 21 A2 7D 1C 2E 74 83 .1.....eZ!....t.0150: 77 71 E7 CE 13 41 7D BA 94 32 DD 74 5F CB 8B 8B wq...A...2.t_...0160: 84 6C 9E D3 4A 8A 67 4F 38 D0 75 60 6D 59 B3 05 .l..J.gO8.u`mY..0170: 87 76 DC 7E 11 42 29 AA 8A DA 42 09 57 76 E0 BA .v...B)...B.Wv..0180: 9E 47 89 B1 27 67 62 CF 9B A9 5E 91 8D 3B D9 91 .G..'gb...^..;..0190: 42 18 CE 10 61 CE 2E 92 AC E8 BB 62 56 09 19 86 B...a......bV...01A0: A3 47 4C 1C 98 67 BD 05 E9 9C 84 06 C0 04 EA 08 .GL..g..........01B0: 3E 10 D4 00 76 00 56 14 06 9A 2F D7 C2 EC D3 F5 >...v.V.../.....01C0: E1 BD 44 B2 3E C7 46 76 B9 BC 99 11 5C C0 EF 94 ..D.>.Fv....\...01D0: 98 55 D6 89 D0 DD 00 00 01 58 E5 D3 62 B9 00 00 .U.......X..b...01E0: 04 03 00 47 30 45 02 20 1A 15 D7 6F 05 0E E5 B0 ...G0E. ...o....01F0: F8 4E CF D0 D2 0A 99 C1 44 B6 BE 5F C0 E0 77 A6 .N......D.._..w.0200: 93 BA 2F C6 5F 36 BF DA 02 21 00 9B B6 47 E5 0D ../._6...!...G..0210: 76 DC BA 76 38 30 04 02 6C A9 67 7A C3 C6 73 F9 v..v80..l.gz..s.0220: DF B4 0F 38 C4 38 49 A7 11 47 59 00 77 00 EE 4B ...8.8I..GY.w..K0230: BD B7 75 CE 60 BA E1 42 69 1F AB E1 9E 66 A3 0F ..u.`..Bi....f..0240: 7E 5F B0 72 D8 83 00 C4 7B 89 7A A8 FD CB 00 00 ._.r......z.....0250: 01 58 E5 D3 64 11 00 00 04 03 00 48 30 46 02 21 .X..d......H0F.!0260: 00 AB 9B 9E 04 28 6B 92 1A 93 C7 82 3A B7 DF 1F .....(k.....:...0270: B5 F1 DC 03 F5 34 C6 F9 A4 5C 37 E6 7B 76 55 27 .....4...\7..vU'0280: 91 02 21 00 E3 B2 AA D5 44 1C 0D 72 04 B1 5F 96 ..!.....D..r.._.0290: 9E E3 DD F4 B3 39 92 97 5E BB 4F 93 88 72 AD 4C .....9..^.O..r.L02A0: B4 50 AF 4B .P.K[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com, accessMethod: caIssuers accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt]][3]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..0010: B8 59 72 3B .Yr;]][4]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][5]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl3.digicert.com/sha2-ha-server-g5.crl], DistributionPoint: [URIName: http://crl4.digicert.com/sha2-ha-server-g5.crl]]][6]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.16.840.1.114412.1.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.2][] ]][7]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature][9]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: *.facebook.com DNSName: *.facebook.net DNSName: *.fb.com DNSName: *.fbcdn.net DNSName: *.fbsbx.com DNSName: *.m.facebook.com DNSName: *.messenger.com DNSName: *.xx.fbcdn.net DNSName: *.xy.fbcdn.net DNSName: *.xz.fbcdn.net DNSName: facebook.com DNSName: fb.com DNSName: messenger.com][10]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: CB 98 28 8C A1 72 E7 E2 32 A9 9A 3D F2 0D A1 81 ..(..r..2..=....0010: 56 A1 1A 8B V...]]] Algorithm: [SHA256withRSA] Signature:0000: 3A CD 4A CA 28 9D B8 F5 60 68 F0 CB DB 7D C0 FF :.J.(...`h......0010: 7E 91 90 70 AC D3 0E DA 7E 4D E5 F4 0D 84 66 B0 ...p.....M....f.0020: 90 40 17 FA 55 E5 CE 09 B7 4E A6 25 4C D8 BA B0 .@..U....N.%L...0030: 21 5B 3C 10 04 AE 29 B7 68 C5 65 5A E3 A5 72 D8 ![<...).h.eZ..r.0040: 27 8E D0 1D 99 D5 99 E2 A1 0E 36 B0 4B 1C F1 A0 '.........6.K...0050: BA 40 C9 DD 47 A7 FC 40 BF 83 02 BA 29 D0 42 6F .@..G..@....).Bo0060: 84 ED A7 A3 0C 3D 8D 5C 85 BF DC 89 32 E2 DD 05 .....=.\....2...0070: 14 53 88 78 38 95 AA 52 3B DC 70 10 83 B3 F2 F2 .S.x8..R;.p.....0080: 74 D8 CA 59 96 53 C4 B2 66 C5 14 A6 7E 9C 82 53 t..Y.S..f......S0090: 7B 94 D9 71 C7 30 D9 68 F1 44 C8 96 A6 6C 3A D7 ...q.0.h.D...l:.00A0: 6A 86 0E FF 43 F7 2F 30 31 C3 91 C2 3F B6 A7 A5 j...C./01...?...00B0: 9A 0D 0C 0F 61 FD 2A 97 26 02 F5 64 C2 08 E7 F8 ....a.*.&..d....00C0: 15 69 BF 91 C4 2E 5F B4 10 FD 14 85 89 27 23 50 .i...._......'#P00D0: 7A 2C 17 9C 26 E8 FB 8C 8D BA 79 76 5D 5F 7E 42 z,..&.....yv]_.B00E0: 62 4A 48 FD 26 40 F4 A2 BE 39 82 87 87 AB C2 C4 bJH.&@...9......00F0: AA A7 45 9F 59 41 43 A3 5E 72 16 29 07 95 E4 78 ..E.YAC.^r.)...x]
Nov 22, 2017 13:36:34.534703970 MEZ44349217179.60.192.36192.168.1.16CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=USCN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USTue Oct 22 14:00:00 CEST 2013Sun Oct 22 14:00:00 CEST 2028[[ Version: V3 Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 23085922014910748503624791917480115148492919026914207610707020942093828159221184419960399297678177590153378092714640886296044490661625022319263060388275515964365478738040978664516396912933675650257207760237777280773935047177225664304566903694731631728916260237117586511459590661362255543750987738241463266555577715629664656907640120826399947323444556799362651693283202076722872218490347588587929811327918605576169523712767591239193274840826201053308722900104999956283622772648025895714833602740679819670062830777938157004975732087864164660384513848296643542134747514357423990884765641067184766081973460304136714018531 public exponent: 65537 Validity: [From: Tue Oct 22 14:00:00 CEST 2013, To: Sun Oct 22 14:00:00 CEST 2028] Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US SerialNumber: [ 04e1e7a4 dc5cf2f3 6dc02b42 b85d159f]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....0010: 63 64 2B C3 cd+.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS]] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..0010: B8 59 72 3B .Yr;]]] Algorithm: [SHA256withRSA] Signature:0000: 18 8A 95 89 03 E6 6D DF 5C FC 1D 68 EA 4A 8F 83 ......m.\..h.J..0010: D6 51 2F 8D 6B 44 16 9E AC 63 F5 D2 6E 6C 84 99 .Q/.kD...c..nl..0020: 8B AA 81 71 84 5B ED 34 4E B0 B7 79 92 29 CC 2D ...q.[.4N..y.).-0030: 80 6A F0 8E 20 E1 79 A4 FE 03 47 13 EA F5 86 CA .j.. .y...G.....0040: 59 71 7D F4 04 96 6B D3 59 58 3D FE D3 31 25 5C Yq....k.YX=..1%\0050: 18 38 84 A3 E6 9F 82 FD 8C 5B 98 31 4E CD 78 9E .8.......[.1N.x.0060: 1A FD 85 CB 49 AA F2 27 8B 99 72 FC 3E AA D5 41 ....I..'..r.>..A0070: 0B DA D5 36 A1 BF 1C 6E 47 49 7F 5E D9 48 7C 03 ...6...nGI.^.H..0080: D9 FD 8B 49 A0 98 26 42 40 EB D6 92 11 A4 64 0A ...I..&B@.....d.0090: 57 54 C4 F5 1D D6 02 5E 6B AC EE C4 80 9A 12 72 WT.....^k......r00A0: FA 56 93 D7 FF BF 30 85 06 30 BF 0B 7F 4E FF 57 .V....0..0...N.W00B0: 05 9D 24 ED 85 C3 2B FB A6 75 A8 AC 2D 16 EF 7D ..$...+..u..-...00C0: 79 27 B2 EB C2 9D 0B 07 EA AA 85 D3 01 A3 20 28 y'............ (00D0: 41 59 43 28 D2 81 E3 AA F6 EC 7B 3B 77 B6 40 62 AYC(.......;w.@b00E0: 80 05 41 45 01 EF 17 06 3E DE C0 33 9B 67 D3 61 ..AE....>..3.g.a00F0: 2E 72 87 E4 69 FC 12 00 57 40 1E 70 F5 1E C9 B4 .r..i...W@.p....]

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

General

Start time:13:36:14
Start date:22/11/2017
Path:C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:0x75d90000
File size:815312 bytes
MD5 hash:EE79D654A04333F566DF07EBDE217928
Programmed in:C, C++ or other language
Reputation:low

General

Start time:13:36:14
Start date:22/11/2017
Path:C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3316 CREDAT:275457 /prefetch:2
Imagebase:0x77390000
File size:815312 bytes
MD5 hash:EE79D654A04333F566DF07EBDE217928
Programmed in:C, C++ or other language
Reputation:low

Disassembly

Code Analysis

Reset < >