https://simdakan.kuningankab.go.id/Shop/Checkout
This report is generated from a file or URL submitted to this webservice on June 15th 2022 10:30:53 (UTC) and action script Default browser analysis
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v9.2.1 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 2 domains and 13 hosts. View all details
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Suspicious Indicators 4
-
External Systems
-
Found an IP/URL artifact that was identified as malicious by at least three reputation engines
- details
-
3/95 reputation engines marked "https://simdakan.kuningankab.go.id" as malicious (3% detection rate)
3/95 reputation engines marked "http://simdakan.kuningankab.go.id" as malicious (3% detection rate) - source
- External System
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by at least three reputation engines
-
Network Related
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "157.240.18.19": ...
URL: https://static.xx.fbcdn.net/rsrc.php/v3iBj94/l/en_GB/1D9PDdCiQ-Ot6pMwDkhvO5_7ccVOpS18P4KvOysVKPXhXF6sWuJ3qzk.js (AV positives: 1/95 scanned on 06/15/2022 06:37:38)
URL: https://static.xx.fbcdn.net/rsrc.php/v3iCCE4/l/ml_IN/kcMNY5htPyh5gE1cVbv2Dq7UX3uQV-fq3MbEonYDNr1q17JGuN5a3KlKCmEx-7av-JyaopTz3TwxY.js (AV positives: 1/95 scanned on 06/14/2022 06:37:13)
URL: http://lookaside.fbsbx.com/file/file43620.mp4.bz?* (AV positives: 1/95 scanned on 06/13/2022 05:45:16)
URL: http://lookaside.fbsbx.com/file/video_99164.bz?* (AV positives: 1/95 scanned on 06/12/2022 16:53:26)
URL: https://static.xx.fbcdn.net/rsrc.php/v3iCce4/l/en_GB/n8AALmBzTnwjHV5nBX8o92jrwLW7Xti_-U8in6whbgjl7-4XaqbABReZV7JEwdXDc1HhC343nQBHL8WbCfhmAFNCO2ojiZIrn5mJu_lOAX-R0y.js (AV positives: 1/95 scanned on 06/12/2022 06:36:51)
File SHA256: 65b5cf89ee722e82e68f12c3ee8326caff75b22b4a68376f8cf1b768a2dafa54 (AV positives: 44/74 scanned on 04/03/2022 15:38:38)
File SHA256: 92f559f983d88b499b5c6a9a1b219c3c5f0aac9a85d2fd5d28f8befd3b4cfe34 (AV positives: 1/72 scanned on 03/20/2022 17:59:52)
File SHA256: 87587d89ca8bdfa93be85ee2fd3141622af8aee89ff63333fb45053b041798ce (AV positives: 41/75 scanned on 02/28/2022 18:55:32)
File SHA256: 017e9923f2a49a067b73223077303a28991d2a291beee814237a08a2f6421b09 (AV positives: 1/73 scanned on 02/15/2022 18:35:10)
File SHA256: f40306c46cb67ab751339d0a0ad4846e4191537401b0ea506627fd63cfc7362d (AV positives: 1/71 scanned on 11/24/2021 04:36:23)
File SHA256: f1c700535f1a95baede90bb608b23086f88c85d5c0635c78a3d7ddab59ef195c (Date: 03/30/2020 16:56:34)
File SHA256: 965560dd2a97db041ede506160f8bce5966d1c5f31ee297993d57f974a89c03c (Date: 03/30/2020 15:25:12)
File SHA256: 5e4f14e16e95779134b8a9293d1540b36c21490e087229f5438aac13e559fc8c (Date: 03/30/2020 15:22:23)
File SHA256: b4f30faef23326b433727176be0ea817c9d3138a53979662153b368184b3e7e4 (Date: 03/30/2020 15:19:56)
File SHA256: 795b8a23c4c3b6130b6a81759011eeae6be52e2743186f5efe7e8c1d85d5b23a (Date: 03/30/2020 15:19:52) - source
- Network Traffic
- relevance
- 10/10
-
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
-
TCP traffic to 103.155.29.18 on port 443 is sent without HTTP header
TCP traffic to 142.251.32.42 on port 443 is sent without HTTP header
TCP traffic to 23.33.85.216 on port 443 is sent without HTTP header
TCP traffic to 172.217.6.46 on port 443 is sent without HTTP header
TCP traffic to 173.222.169.165 on port 443 is sent without HTTP header
TCP traffic to 142.251.46.200 on port 443 is sent without HTTP header
TCP traffic to 146.75.92.157 on port 443 is sent without HTTP header
TCP traffic to 157.240.18.19 on port 443 is sent without HTTP header
TCP traffic to 104.16.148.64 on port 443 is sent without HTTP header
TCP traffic to 104.244.42.67 on port 443 is sent without HTTP header
TCP traffic to 142.251.46.170 on port 443 is sent without HTTP header
TCP traffic to 142.251.46.227 on port 80 is sent without HTTP header
TCP traffic to 142.251.46.227 on port 443 is sent without HTTP header - source
- Network Traffic
- relevance
- 5/10
-
Malicious artifacts seen in the context of a contacted host
-
Spyware/Information Retrieval
-
Found an instant messenger related domain
- details
-
"HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
Pragma: public
Cache-Control: public, max-age=1200
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
X-FB-Debug: sObMb1J5+wQZ4L+vpIMAk0MAuybgllTN4m8NRfPMToXOHZq4a6BM3aWYAwsh1TwvR4N0DWilZ3loLMsHO0/jdQ==
Priority: u=3,i
X-FB-TRIP-ID: 1781455057
Date: Wed, 15 Jun 2022 10:33:41 GMT
Alt-Svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
Connection: keep-alive
Content-Length: 4671" (Indicator: "whatsapp.com"; File: "SSL") - source
- File/Memory
- relevance
- 10/10
-
Found an instant messenger related domain
-
Informative 11
-
Environment Awareness
-
Tries to identify Internet Explorer version from registry
- details
-
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER"; Key: "HASHFILEVERSIONHIGHPART"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLBLOCKMANAGER"; Key: "HASHFILEVERSIONLOWPART"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "DOWNLOADVERSIONLIST"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "VERSIONLISTSERVERPATH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\VERSIONMANAGER"; Key: "VERSIONLISTSERVERHOSTNAME"; Value: "")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSION COMPATIBILITY\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSION COMPATIBILITY\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"; Key: "VERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN"; Key: "SEARCHBANDMIGRATIONVERSION"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "CVLISTXMLVERSIONHIGH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "IECOMPATVERSIONHIGH"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "IECOMPATVERSIONLOW"; Value: "")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\BROWSEREMULATION"; Key: "CVLISTXMLVERSIONLOW"; Value: "") - source
- Registry Access
- relevance
- 3/10
-
Tries to identify Internet Explorer version from registry
-
General
-
Contacts domains
- details
-
"ocsp.pki.goog"
"simdakan.kuningankab.go.id" - source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"103.155.29.18:443"
"142.251.32.42:443"
"23.33.85.216:443"
"172.217.6.46:443"
"173.222.169.165:443"
"142.251.46.200:443"
"146.75.92.157:443"
"157.240.18.19:443"
"104.16.148.64:443"
"104.244.42.67:443"
"142.251.46.170:443"
"142.251.46.227:80"
"142.251.46.227:443" - source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IsoScope_c5c_IESQMMUTEX_0_519"
"Local\InternetShortcutMutex"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"IsoScope_c5c_IESQMMUTEX_0_519"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"IsoScope_c5c_IESQMMUTEX_0_303"
"UpdatingNewTabPageData"
"IsoScope_c5c_IESQMMUTEX_0_331"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3164"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"Local\VERMGMTBlockListFileMutex"
"IsoScope_c5c_IE_EarlyTabStart_0xb44_Mutex"
"IsoScope_c5c_ConnHashTable<3164>_HashTable_Mutex"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"Local\ZonesLockedCacheCounterMutex"
"Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
Antivirus vendors marked dropped file "poweredBy_ot_logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "Tar1B2C.tmp" as clean (type is "data") - source
- Binary File
- relevance
- 10/10
-
Found API related strings
- details
-
"GET /en_US/fbevents.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://simdakan.kuningankab.go.id/Shop/Checkout
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
DNT: 1
Connection: Keep-Alive" (Indicator: "connect") in Source: SSL_157.240.18.19
"GET /signals/plugins/identity.js?v=2.9.33 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://simdakan.kuningankab.go.id/Shop/Checkout
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
DNT: 1
Connection: Keep-Alive" (Indicator: "connect") in Source: SSL_157.240.18.19
"GET /signals/config/515866848571601?v=2.9.33&r=stable HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://simdakan.kuningankab.go.id/Shop/Checkout
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
DNT: 1
Connection: Keep-Alive" (Indicator: "connect") in Source: SSL_157.240.18.19
"HTTP/1.1 200 OK
date: Wed, 15 Jun 2022 10:33:40 GMT
server: tsa_a
set-cookie: personalization_id="v1_J3jGlOsm2QWNUI29clBFFw=="; Max-Age=63072000; Expires=Fri, 14 Jun 2024 10:33:40 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: text/html;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 0
x-xss-protection: 0
strict-transport-security: max-age=631138519
access-control-allow-credentials: true
x-response-time: 6
x-connection-hash: 203a05e518e84fb7aaa2953635d703cca391b95004f86f82fd2fead0d47644fa" (Indicator: "connect") in Source: SSL_104.244.42.67 - source
- File/Memory
- relevance
- 1/10
-
Contacts domains
-
Installation/Persistence
-
Dropped files
- details
-
"5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA]- [targetUID: 00000000-00003528]
"6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003528]
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003528]
"Cab1B2B.tmp" has type "Microsoft Cabinet archive data 61476 bytes 1 file"- Location: [%TEMP%\Cab1B2B.tmp]- [targetUID: 00000000-00003528]
"CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003528]
"80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868]- [targetUID: 00000000-00003164]
"TBURMOS5.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\TBURMOS5.txt]- [targetUID: 00000000-00003528]
"E87CE99F124623F95572A696C80EFCAF_6E04BD1DD1C5CE96B614515A0C0ED7B8" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6E04BD1DD1C5CE96B614515A0C0ED7B8]- [targetUID: 00000000-00003528]
"E573CDF4C6D731D56A665145182FD759_74EE87A62D1D132DC78B134CD21FDAC5" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_74EE87A62D1D132DC78B134CD21FDAC5]- [targetUID: 00000000-00003528]
"~DF13BE15E2B6C967E5.TMP" has type "data"- Location: [%TEMP%\~DF13BE15E2B6C967E5.TMP]- [targetUID: 00000000-00003164]
"347JUWUO.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\Microsoft\Windows\Cookies\347JUWUO.txt]- [targetUID: 00000000-00003528]
"35DDEDF268117918D1D277A171D8DF7B_15435EFA5EA0B92ADBF927E2CD4E154B" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_15435EFA5EA0B92ADBF927E2CD4E154B]- [targetUID: 00000000-00003528]
"69B5E9A1CA834DA32C0A425757544385_1C81A6E32FB64BC2C6F2E324E4CB26DE" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\69B5E9A1CA834DA32C0A425757544385_1C81A6E32FB64BC2C6F2E324E4CB26DE]- [targetUID: 00000000-00003528]
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003528]
"JQ9D9E27.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\Microsoft\Windows\Cookies\JQ9D9E27.txt]- [targetUID: 00000000-00003528]
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003528]
"B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04" has type "data"- Location: [%LOCALAPPDATA%\ow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04]- [targetUID: 00000000-00003528]
"~DFA4C3A7927C371660.TMP" has type "data"- Location: [%TEMP%\~DFA4C3A7927C371660.TMP]- [targetUID: 00000000-00003164] - source
- Binary File
- relevance
- 3/10
-
Dropped files
-
Network Related
-
Found decrypted SSL traffic
- details
-
"GET /Shop/Checkout HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: simdakan.kuningankab.go.id
DNT: 1
Connection: Keep-Alive"- [Source: SSL_103.155.29.18]
"{}mMNO~ vJ
}(l
}_{{MN)2]oqwQ
"',sp1J^z{nZmulZ$v]zP}<g>`7fbG3|7;d#ve|rC[7^'Y{c\q};1m==Cc7tH8/%pCZ$u^>w[Mn*6xCutd+vO0o.>_}`*CcmUZYI
6p$
MBuH:eVj90x9*w:i\'T<|\Ew1z
]xlIQCAu*G08w>2}sTe%h/]Q|nl9
v|6tV;gV41^y>:mk[;9~)
h^vX:2u>;gVGvQXrQeT&[1[r5aSur;7ta}j*>qaMprsd:M&]7=VX;
F(^HitD]ivx 1W|tE-=r;5!$y~gs|3atvX!nRdn~c\w=Hs*RVoEDp:_eG:>?1{R<_CJLi]/H-^u6|Tk .jb>'mVtc]64?j=R+&[M9\gcM{ybj$o]MgoOV;gcvtNOoOWol^#Rv:qk
O:#"- [Source: SSL_103.155.29.18]
, "2000
!w#'r{>nuM<rYv
/#.<S]29v3^OFbl>jn`:?v~WALkyeq6kaJ<kG9/{NQwDp}.yi~Y_$9qN=VHwcP%,e>:1oP(+kNfpF/*-~\7fvN`A(gMPr]Y3%}>K|wL/'fvw9F
Lpv1v;Y\M-7SL6r%~V#=}xI
s
;5*QoQ~Fm#;%Dw*g%%5- k)DgS/^s4P]18qAW\&b~9:n<`%G&0?{|a(#
yIoEx8c${%Zx[}i~;n$6
y)gHwZcg>wy;OoHp
u&y`#~lX&oI
uwU30"dVdO66"l?uO]zCs>NZ~T
@C\O&qS+[[tn8C<"5ff
Ig5Y~R(wks6L
n"?G&zX=MOAxTOHYx(E9kW/IdE[<rvF]D98h{ml<WD~'>#m~Y#I]oP\\On+!ygF/{?Sq|l{Ac>0!tKG<Vryz~K<5Beqw-'vm
vQYNw@U>'Q(9}!X"]l32*!a*'-{d61$rc\SmO_5me-P
4Sy
^^gosYzt7*1~
o dk1G>BI9OzkNxFgAApg/7gZ]weu=bN*s7Y:;+oGKNuUc;pN6SpWvU5]6%,#k-*#_'(Nr|oZVy&iE.vWn'm%~~5Haqft}s|WcnvX2oWOcPiN}8'CX9#;xzis0|W2*
C`ydX14Qnycui~GIJ{q~o8Cpx+D!^vX>]nY=g>,bTR{)m]0Q6.pp
;>Nyw7A*</6mWS\>y5
*Qu_fJvm4ke<tH>c7~]o[C}8AY;o~(nnMkltsdq)K|$>WWajrIJ~Gy6mYOg`az8^^$jKyW9lMia\T;635pURas8Im6D|}fP[=}'#X+Ze=zz{O1X;GX5: xe{67KDClU-Swg'$8qc+@\Dp<'~oAMzr|be#2S+>>hw
$wX~WFr0;
?`$W?v1y7+bw3l/~V@y+X
OM4lvS}hIK[xwn/F4I}rnRox\W\kP=xP>)oy
;U_5j1wJzynotyFra<6m.(k/;wzq&(2BkGpu>chuDsPz
,cvdy%nW,89AS$%[5=`[<_]:-=56'X0u ~|BU\aW/w(bw):3o;/7h;k_Rkof/c$/.or{^X.[
mW7\LGqH=C>)RO8+/0#TNf!-BGcud~&n2x*wAA=J.'Vg7Ga;Yg#o=w]Nhm(1*n8K]C3[-#Gi>{&<`w!-G2#f<AtxcI<
Lgq&DuZ~P.~B0$a@[Hw!?SOZvSSY]kxNx18G4iBz(JdH~84'-s<51;wfT
on1#&{v^LRb6lt<q]
I-*~t-9/m2||.5_]#B].0<AiNR3)\q{sj>2Hk.O5ZsK2aVSZO.3
*V)]1sl3I2XOcehi`\$jMCYyu/(|
|u=)w`
;a8:_?+.keXh+g''0tX'C`HCa?~@.h\bwc%wpf-h~7C|1@_9,~zTM=>?k%O/{\0Na0}zo=LTu
%'oaK]~C3q>{ n?/feWZ;u4[y !nWscdw@2.1W}.>X~!n\YWe|S
\yk{\1K|$O-as0^}Bl.\9
G#
+n`.fKo:O`7A??oZ%Z~zb2_p/@|fbwX;^XDuf]qPb&V0/3mw'iW0-3Lo5.c/%$Me//GpO`]>l1k]Zx\/+s2G%FIy>pZkK/Sz4 :Yu(?5q,?{]ywlz}?bE~jR_>-1^ G>zzJXbAL8///X`5c_X+k'LZ>3
sCk|>j{G~//
uZSx[k0ab.u~U>{/[gZ
v[pR;R3[>-2j27x
*n-wYl0F%fR81<]WM2/`Wbz<>jb<HZlYj/|:ZcI9b}ke
um\[G/6?$/5NKm#/{G=9?C?28*_Z%_|q|]pLR[v-+_5
\~tYe~~!gs4`17~y6yGzW<XO^1V-9V{o^@yCK
uAr4u4>~(vC[t\[l^}koxbk\|sU^JW-3[.Q#5.GG0GH7=[P+sIUmtO6>-\
R]^X>'YPkQ`Ud~k\K.cBZU5P?4U;RFCT LhxcmwTuqHB,hL"*bF.gU+;}8qYd3`&m^x'QvLp9q~G[IS)"4@bo
m=Y10}B;Qn;r|FnUg4R%Os fkkV!CDmazT14tC)NN0aCXlo|x\xiuuW+B"DA^k?!qp1[5a:LD'ViMtEA\hL2&aNU[;;R9[pLR*Vqj%>8{5Ud
p9![muKyp9,{rl9?uX*;XY,DO(#;tuSSTTY=s=+uae] -]90DSXIGeW!P8s>'uxU!Dk9O+ z6xZ|8PLltEjpcLr1:aF<$2=e:?yLTR^9|[%~\uOGRp"~{,xu!E9M~;:g5p?"x{Ycl;
v*9az$ryj@G\~Hb2m^)N
Zj`SLnnD_v>RpfKUUuV/?=8VHv)]X/zU!^FE@`"*yyy*|VCfk.rnutC\&lu
bz{z%+IECNF&LBbd30XS|kP'4<<]YE&[*G`l; \
D(S\7Y$$&4z6AbO>l^gOqu5[33-`6TC86PTLUg%xA3`T{Q_Y++c(fb(!).e
%=DrHYEmjw!$ZQ2FiD}J]'xdjq|
WMXqh&exvBD"/\Lyi'V3|Jf;~k&J0NoEbP[1D@!jfvfqeL1xE^ jhzw8Pd1}r$rn%*T5(Eke
V>LL<H"#uTfH2!/Oe#C9a(8[5g,yJ3m`
D1k;xeRf[d|
j[Xk1vI4RzG,q*EWNOXJXFaS.,c8!dJ 8J
~{J)-vus|q83X*\@`PO@VNXU!Pg!$`liC!^&1\*ab(vad@5>q%*d9%Q@
uK="y&a
=p/;[+tbdl[T4$MF73a^ObykK(kO2u[_q[[##1UGlT7Wfp![{7m1snkh%6W{LEC3cV9p6<r
,LVuX~S,G}(G>ZL_<~*$S73+0
RxH TmH[k<+
;F+VBBU*s1mpd3:^X%~)C[>bO?*m>PV0s@|SNXR8{oYGn[)$J&<rjbww?5:etX648O$%P3`U2\= VS"g^&%&CUL5RIHp%3Og&{o,OZX
k06VJ]<e_ggOdj*SBza7-<LN,>du?c_Bf,iW>Z
rP4
pfnGz fbM)#{lC$*'\lG-rdL1"I&]W ary{[9#:C
Kg[tS?.6E1T.5(gJ==K{
82:v/+f}`2la^-6acU\:+E
+=J8@U)%POI/':SmE;E!ih@8%nk#8:uTb%V
IyGBzKtTA3yMJp/q&5Nk-&!
x}bAEGG6@nfSv
Zrz/KWS[P8q8vE'DlM0p"if0]Nk
6|h:^{]sjBVlbXf0!jjV)g~k\; l.Jx=TJh;^>"6a5Cb*/mY)45h%uF"- [Source: SSL_103.155.29.18]
"ai"- [Source: SSL_103.155.29.18]
"2000
|8u|'PXQY9b[4$YN
&mm_*l[Y/vtsK
<$
<#F4n+ZTy@eWJg(!';|['.N 8q92r3{p|]44!?#`1Me.r
n6%NgCek)x#d83+LlT|Xl^yA6hT*`rue:y)zovEZJ!U>yw$u*j*,SV%pS/B}b8]#!o+9|
"V=*YS_~
8zrm7\k7%D($y00%sCB)TM]RS&Z+;>!R@;X\"l8m)j1i5\{V)aS ysR FuIZ&aJ[Q$q)%!Um0xnq{-y&G]]wNF:RJA}ecU?G3=
2\`-?XSbi?q#5i)c='7W"9|#jk{qyXjOazCMWD&X%`!fpE(xnJ0J)lIhO
&^U'0-
n#Gj()Ctb1p'W)3>h\'n7KnXR#OVjo(w\B8#,rV]-]s!wH2/W9/q]QRv|(]0BWvaDI1
F^$2uqujj:(W,:
%kGB&GSC<_)Sc*@
B,BznZBi\KgCJS-^U=:>5m_<D|Xb1,W->kIE&JfR~h0SVroZPhp-:9DOs.\DMF)22U%
i]{cSjDT^A<=lT!US=0fnDBvoAr
)h6fG1UkT'C OL;
0b7?R^uG5;&~|?e*aE]~."N1$b}EZC^#9X^`gf:
2>F#9?2LCe[EcFs\
jL]|M\vxFAghA%V<"qdA
F!)|}{t9EJY.=//{!GtPG*r&}9vpn;|l{W&"`
YAmh>5L-p/#2
~fd<rp<f5("L8@\)X
DG:@q:\ZkRDbOkRu} o"940i)(eL{N
w.5_K%pT$Q0h7GeH`<1W\<u
)Vza1mM.,Q9)ob88?*[#r*{$nxJf]jZc\
]Um;VNR>FOP)'9LzLI0bs0Q/N-I-<sOi4=qiEJHg%
S>SGZq:=)V y"5=rJT#4:g!*(.pSjP8SCB)ev+pSzq2!vhN-}2UI{=fXFa`IMV/:q#'s=,za4J!F*yua,v$4mg'HbzAhrU[@
o'0VQiz5G]evx
0+ D2SA.(bFrCSoO3[6S[&*QCF91`Wm<m$=1YnQK$\4~ETH3Fu
j+t%8-l[Cx[w~\y)Y8C.0!c(Lt
3K>~hJPCn*B%~XrX~n,v-3:UlOS[(JJL.<v*\)3pp,$u
\Ci{nudqjJ;
a]z"GT<w2
.(5a%(Y`uAc;*X.wSPV:LYFq]R=4?;32Yabu'O'Ux%D*!u2t`csZT2S0m%4i7B&T7S%Mo;piL$B<)/l2VA.x`F>b
A9-c)w&USZh4*OM
6B2L&$(m>Zm9OG#ddhOG^#O[#a2|O>j{d$S1*n=@QsX:}[i,Pq.+kA63I%T2Fx{I
J&\-g#vjwyt.aE*c*CTM\;L\rj)!-9
<>aBxEw^}rRfq;^G%QS2
xoJ<aHX5o=*-35*i5l:6nL=]:1c0zPu~:%.:7F2 M&b^?SRM{]Y{{
B8\99v2}ZTN<z.D<AJEH!c50KITC*`dk"%z:(4\yj'CnaC
j_-M=
L'x,!l9^57$jF1h)B.(euV`&g`{|t05j0 /YSiOMHhuPP%n7.vRpae{Y]A|ChXxY
?g46E<&Ry|.eT'[0=&^6-Rqi$
l1uc<e9`r/hsV;{O&3Q6/3#\PrB@s7f9QUeZ~X
n.
J(pwy43VKg>LX@k}/[8UFR2-<Oi"1s3>U-j1e\p0;F**]'j6B]8RhCTbm)#QA)lzv9:!.\C@!f=gqA*
Y-1hCy-O&1G!H`t(|e\`ad8z:I10eG)[thu!uN]z@bHHAOTe1eHOJEs0#6@#GYuYxs
v2T}P~
ne=&~50G>DZ*WbN<=NEAb9$ro7GpKgC9p8]\`g7d/0A*l
vi#kVB^>SWAmiM\'8bR@*]ZTWOv&\R&c}J!.b
rLCMB`YRlvdP|lV
m>r!]<PH!k$uS5aX7>J @=Y|[zL[a>Mv4An_k#/TNg/+QS*tH=&M~|b
.\`wDZ0aiV
9gx
:~2ht9yzyb`"U~7;sdtH;4<@RIHVi65x66L&kA+QOA@ZDPeA{:r\m@=lXrS
bhAecBcPon%tpM{6}6N3K:sz&qEV[5Uu@C`CwFn@k:3,@L4zym7cco9:& #^ (OU@#>(/~QReJQ1\HfG|JVr~(*tme!"k6g]yv72G5PkGO2.g@cc"x|W\CEHuKW+3`2)\+jN{GMoh"
xX\u"cZgL,=ox*@#,s.udj<eQRWgq>8EPN=
FHxl1
,
s}d
J:Fu"TH8
vz/dCpJ|;6bA'tXAQ=JM<@U>QPxB-!"[^z@<n*JH
hsi6-hP|$xug}0uuuwgazyjy+4@OAr<#fh4'zZ[d'k;Zhqww jk,w\Yl_/q]
3&nC;g!m<:V>wAsDE%a}
YYt&s^7^YG)Ejcr}yY,yFC-FkAA={9OQwSV\vB"8+fe8+68YCO.OSRs#^Lc#*AkO=Q*lGsVRhH(H8'f5f2U`j\IE#wQ&)<+g54bsAG
w\_&C.$4_AN(HkC_
ntTOgF(nprVA}@QW?/p >4Xh?G1Elj6-l*
*iAPp`@G|U2vW(G1[ r![r*IKf=:b0 d\'52*;`U$Bt< 9-D)95As<0PiKs\N!GJnJJ}sFDj@r|JpjvgrXB8O
B2Q\1"F
)NPGKDAf5!g=p4dXkB2%^9
W~(z6>KNi&$V"S/rMbCs9O0i9'ehp1GfPc|}<2tux:2CZs*)~<CU&rnb9?z2G/1DlKJ:]$tM9L&LgzJNL(X=g9[e_EF``kgjyda3qxL
XBl CG[V'r;AN\
;-$N9pf9wv1hrr>
5*;u|:P!|yiqO5:ptx\[nJN@lHj)bF<
{E
R4mOcKxC\|'GT{Z7
*gq(&A^;JpkP[ytE6r)vNe=4$xL9v79sC0S{J#~7zwc;?,[p7?[^+U_&[`rF'{L'db2HNI8UspQri!g1nN<etQtYWJwGZ
afsmzke/OVV&Q2+)!)164q+L\P-x@Dpn:'+k=]7
I79d
vv<]1(!5e4AxtBnxL^<p`Rcj58%ue>k.^!vZ#'/?(*Vr<@cNBsiUV$r2J:Eu^S:dn
e?1I!)F/aH\$1Q3SYm9/5cB*<mPFNG;\#U^z#_K>T#p<be\"sFs*#WsuNuSA[zd/\J*^>aD2dE{p]NC&vwOL[~V
WH6q'LJ5F0@"- [Source: SSL_103.155.29.18]
"f"<E"- [Source: SSL_103.155.29.18]
, "2000
E7F?3)wQ-Cvn0:sA
|NXY0N{epzxO$p.
4$sb:^?)5Ux:r
3N3G@!'eq`*nxp%'K-O-Y?"!=B*"wFUeRNcp\%C-<jU+*E<91De"a8!oe{b@<3/1H:.\/g<#LEI&Flpr-0ML"uRzp:DDS
{Ojf
Zr]*fA@jaQJS#)m~NZG
$QHJyem
Y{
zKizBP6cBL%y$+=|4FmO_Do5
1r"
H8a:e
0
'=<\1*50drJ5hj9~h%Gxd
?ut*zRoT`,dp3z<^A2I}\U9;pNpXyYeySYY
:9rdA9DF1XQ$lH;_`B &%xk:}
`$h
)5n|pKh:V<RX
po!
o)k:OXd)U}z~!gbKLYswGzQQ6*=6(wLo*}jX`#C4s<c[qX;2,A]
K#WesfpWX~]t%:<CydA`}`"}$p5J`!So"PgRj-ps4*lb3.6 jjag8%_8=_FDG\b&VGL+!mGfR#C}yq+!kHK%aMaL/Px`Mi/z"
bu4vu
iHos]bDRw
JD
}Q6nhylZey^CM\3_P@-}r>
~9g<
Up;-TF9p``^j\#dCfEk;1>[+Tyz|qHT1S9VRd}o)
8hC)cp-;bgbyDB#e^4vI
T>f:+VU@{J1.|G5p
Koq-0\j:~{!P<]19
?Z%cHTY':0f<-v+3Ybv5%nshgL7,I<Ok\ps|:E6q1JTLrJM|<1Rdr@joA)(p=Whh7mdmk
yD{FR]T[.#2&$\y5Z'vd:InW~c)(t=F_AL
.|{1o?#%|8^"DrD1lmr:9T |z:F0U)Fc6h1}:D.c$WAz;~cZR0qA1[}
XKTTCx@p2"@mZ'{=_BpEx2/]&M7Dv[G!3W[uR)=L6h}mn#|
}
Bz!u84lt?5)#
]Vu<<[! WGAMapbt~VE|A*iIdjD4t,MKPa`j<aTf
j
Lt{!3]XW oF
2ZM0MY*sx,OXaU{5pO~k!T=q4d
!%^H2H3p5a!h0ub&,,Vijq?iu XDE5jK)'Kkd.cteA-{;>wR=#YW\Suj~R\d
H!1+bgg4K.Fw@_Q#
-K{dLh,g uJxnx(p+,P[,[]`~\|tXH_
-K
yw]G<Mm..W`.z"nCIbF1-A.zo%}T!'y2)}Ed(6%+sDvl
us`ECDzyhM0=Vu=fVK\LSFZ87c!@D@4aMl=XUWL"1-8
^-{#hu;zF<W$^lCVl+kO/j!sW]_xk l&H%3WjM2c])T0Wj0WK
FwE%Iee^!x\=&
>/WBsxk^N0rh:H
g,Y.0`O$iE?`I<t5cLl@r:rX=\.b3
r3}Q&mezu+r.+ ^}vPv|~a]4nzrJ*%
9e`yPp)[bO(<_/vygfSG~}Q
7RdUdN%~y|Z|wFIPOA.m*pJO+w"V+#7"O0WY^#!&f"}Mz!.Gpc4,m&3#e2[UxiX^^@LG'X4<XaEx9sWPB/w+)$Kz=>
*G8-@IpmfX*Ji;Bj7*qc{cx;k+E5q`YYl8#^_%s@>@_xNEvQ8\}D.spd+6.kY^{1F!P5JLCiTxd[Jx[ta[oK)9|'F~>1!i,xXRd\x A1U1X8`.Q
#=Bc=j
q+{LY)>{'e!ih5hiQ\'B7%xb1pxE~9S&t7!,RwR- #:k^5Nx?EJ0gZV{I-o-o)QB)HkB]1m,3\
wb/}ytV'xX^'AmqQbCG:U}2Mxl'~(e g4XSR3+h?Oa6XWWVF1`unz|VyX6Uuj0J2&>>e#W
?GU/4X.>9%rR&!<~+`m!!Nyq
:*h9-22-F.7GjWZ"
5
m=Lj9qptT2xG6t3^r":Z\W&]WWI7;I9iD\<x]yyPQ<}dC(&&4aW_fsP3s4>-T$S :GXK(Grh6(
.|TSwXY?ATp;8Q
<L[r=q|G_\+PP`f ms<UB5mDeQ, :e8+osPnH.EzU/80k'u`.s<
4qJo9&h!'RL2-
|T8j:
KM4$m&-5VMN
L]n\x6p9K|A\N%:cjA\uw!mu[B"1!X
w&F^YiV;P`V+T!Yrl445xVZP\[SF2FFaG1x\|,eiK#
<x}:LCm9?_Gr;"&u=|<~Pl<9U 45shcRA=O^_2'ukyw!n;L@s4M9'KuB=CNx9gE7oF]+zt
:0B`6d6n%hXOY
x;@UpvPpkjs282*u7YrhHeNwF:rg0DL}%GENTfR&H9O6-fuhr~fn1y0n5Z$(!2.l%3R\gMK=a^)]m%;p&"y)+i8:WmIm,OT*;A
xb8n&eB:R-Kika/'VD]x,OtH
qJ*#J29mn-Kr4Q#<xv@cxG$:u?}&
lee#@JOM-MO`"3ps0*J{e<9"L9]5'lLaw~!XDude5*y+13XLN^K2;*^-m<ml->T2\
<>cYGTYJ$uIe<gO$c1IR`O?r#J4h8Raj,u\!:t7OU}=/*V3s ,J>u\dT
78Q>&}3juHh2a6^24MpwIt
>z(cJbUd]'qFOZLXsQ5}M5|
haDUWlO<b#=A7+"S6w's|T
VhiE,B51D4.V%@WpG`Ti"/X.lb~Zj{!_N?WSKbC-b5a9:x6DA+P/0f5b"dY^hT*OL+{#TQ^xl75{tT6jUC<"'YCm9[
]
@wA`&mwkkUU
:f)"oe7=M,?/2b4$'#HI*<Ya_m@qfb${ZRRGhm8[l;Rkg0lEwhoQ,kDt-~Nl)OW<y-2UNxyh7K]
(f|V}O|p7<sC2uR,Su.aM<f"_%
&IP!=cV}Va$+)/lt }RwmDTlKG9&`1/in^e;^%Un0m"/mM_^
X;sQO?=2Xv4)@.<jBn'l_*cI~|2iy.~j.56w9^M,y6K241Ah5_0\GaR?csgQ6<$,J:wp3/'z*0^@">dcy`3d;cHOj }Ewdr;#&R]w:ial+>INwV)\~9Td]3N^~PJMdz`|B/t$t/y #>'z?8z8+OIo9p.[Wy_`_+Ru3BaSLOWU0t'<K}'UxGges*H^j2DT$slbJ\r^
DV{DSD-l=N%
m_fW_^]6+~D^Y93]dWYoBsxu.r:-C&$"`f67pS"XkspA>Vjt
xwo0rsUxR6_s|Cr4l(Yry*MDpaN\r)C2?~3'N5t!kUE/n
M>(}JN+"7T|oj;V@cv{QkB#7;zN$*Rb%bMje)9Sm>;)~5C!%uxYspn<0yf6#c5bbad<L*B^S57mh1+<[q]L`@"r9dJLP~Bl|l@s![6<m):hZC2
poUNiZ`'5Euw$B_N3(t/~<$Uub;yTc(|my!17wumGWIGIBsU#s(eA^?1969:+9I(dQwX`?h%pj,nOlY[gm'ICQW00,og
\M@0VkbRa[O!:&[Dp1
nZMW<7H_xLX^jI1uvTZxA"- [Source: SSL_103.155.29.18]
""- [Source: SSL_103.155.29.18]
"HTTP/1.1 200 OK
Date: Wed, 15 Jun 2022 10:33:32 GMT
Server: Apache
Cache-Control: no-cache, private
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjExZnB1VGVINUswTFUveEdkYVZrL2c9PSIsInZhbHVlIjoibGswQWs5NE9wejY3MVF4bzE3VVVOd2ZsZDQ2M3BFc0JtS3JFNXlBQzcxN1QyTjlDaWZjZEp0UjlLU2hYYXFnTVB0R2FkYW9aMWt0VE9kTThOWmFwR2crYVFsTTlNaDFNT2k1S1d5ZHlwU1l6OWdta25XZWxoTzNnQzY4SGVjUXoiLCJtYWMiOiI2NTk1ZWYxNjgwM2QyMzM3NGZiZjRiNGYzZDY0MWE5ODZhNzRlMDMzM2ZhNTA0YzkxNjk0YzI1MWUzOGJkYmQ5In0%3D; expires=Wed, 15-Jun-2022 12:33:33 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: laravel_session=eyJpdiI6ImdsTlRaVENBeUtRTzFPMHFWNWF6V3c9PSIsInZhbHVlIjoiVlpXczA5RjBPNnpzVFQ1NUVGSTBuR0d0RGhRV3NsQ29MMVlWK0FzbXhkM0hMU1hhVHZGczhtNHE0QW1UczA2U09GSE8zNkpJYms5TWsrSmprWU04MGpIL1RSY3lGdlVUOEpHWE4rWXdNRkFYc3JQRVlOTU5LN0liQlpxaGFUMVciLCJtYWMiOiIwYjJkZGEzZjZiYTU4YThmZjQ0YjBiNzcwNjM4YWJiY2ExNDU4NjZiNmRlMzE2ZTZjZmJhYzI3NzQ1YTVjNGFlIn0%3D; expires=Wed, 15-Jun-2022 12:33:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
2000
iH%~_a=T;j
bQX="2:KFfL=.U_%sgKO/4j.?}5Q}%gOGMwy00?\vt]_
h=_|k]/<K}q$yt|?zhQ<_6kg
;?e%$_'W]4zj(>)E}z/_~%~`/:r;#?$?$*k~ayrHYSN<w*#93>_tK~5i%/W..v_5-krzV&=EfA3E},a7*Y*2iguqVv^5.qVY_q:O?j~Y_~x_.~\Kr(D?K</E!g?}G,?}FmK3GU7_?Vp^/4{Y?~:_<`1w_O4,?_|u}6KfGS4C>bZ$_M?~XyM.(e>KMM_DwKh}5"~UP??y
~CV]J{n>~Mcao+~`,xf%?ec%u?p?=j]oy:v&~`+Lmb_3FBunvaEe]o5\f0&SJ2,3EVGc
O("/!C?;e}?}>=Q]~YKbe8O<ESvzQ}~W=J7Y%Y|V?4YxxYwG6f5OxO0y9J\Ooc`8{fKYro=VnSumx+}dyY7$}OxO_IG_W_~/"?wpio0Ks_m_tO/6GuY,>>+~~/_I2R[AIodOX<j/b}L17?,*.s0?W/15XW_wk/?}g}l2!MV;H>@tiMu[EOREw?%Z*?-5}-nf&X`7|&6>jwX7v5_$~/P1_n]Y_Px.0?{NEO6k=
b
9,-/_
@<dY%/P;LmiB3O?-.&71}Uoxz/W{+~3??5$4;uwXD,wT%^pU}/ntb|T/\?.W_-Zggo{-_l!?}j?}<=
|_"jc
}?Zawh1:+dr.v+i?;>g\>&khAleGIOGk\AtM*//f5Xf_co8_h]CDup^ak_bq1?i=i}X=>K: ?bR/~e_4J_Y5~O~+?O(ZW`b!s+2k|xv#fAmNg9?vq}7RkQ/lQ(z
tW8*Uo)y/-+cg0;=[^1g/QP{HcyOxYtYLXki/w?^lO}Z6;Vt9.2BeSv~Ghjwz,wObqyamN(kpnQoM:?EbCVvnu<dIi)z-==3W!nmNL2mbSl=v54x/n"r`Zm.yHFaUY&{9YsG[L[>6v{#=\Aw*
ufEy??~uY~0XLlq*kM LC7%nd.}h'40VWMY{s|ne>u5s*%x1M]n${}kuk9;2|yVX|{mEYMLorW6K:8h 6jx;wW=Gmg')*;h3 UM58EYyy
<2RzjnfwUOP>|Y%l~v.5;z;Zv<7$;w>61
Ej?]Upp>n5-rp
So,rejro
}L6)\xz>h2Z]a$Ho-\MC\69{Wir,v]Fln;_7vU?)y=Lc50g5A}$X[}y.;-SOqso;)(T.\nj2{q8y(X{ozIQ,7^fMXN:[;Va]:#;Z~Asys}-w-I}&tUoX#A.q:
wi&m~k7qZt8Vwh.%_JHu+?#
FCI4r
'!UZ1f5z
G7JQ WO?S8NMFf~{82Uy{P&o8aDUJ&frJ~yxOJi{KGmdu)dY3:1sD<}T=s;nd\%n\Ab+x
82}zi7n~CcU|H/AZ:)WU]8*<F</{k
~9_Wl;C-c5rM}Tk:_yR1=WS8VvqO(p
vS6yjEmz=/1gl^
cF)|&~6yn{Ho
6W->.i^')mE\wA?IM>f][)Qr}zBXwMrZ*f~=
mO:7-PTf-8Z}cskO>ME<cYamfPP.%GYP13x_VE"s3><2{5,: ;rfVxk2[3C{
Gs<lwlL~l*-16'YZ#@H~q}y};Ox?3&|(F9%(sn[{&7/Vfvoz&WedE5=b7y/]ho~Dc[
R'&3O1=-wuomyj'OEV}V]iD1uU0CAR7g*5$v9VeZJUy9}E?{+6finZ53yJ2=:z3Bi%?oNkc[~)PO~@"d;gMZ5C=h/g^6W0|VM.^8l$
3]Oza=+6F\fKqN-WN3~z`*h:NtmH#uML>*]8s0g5:]wtr#\aj({Lbp)mtntG}P;\(&\GexSgygs-`38so%+6&hMp<$|uvG[O
lVnOV[l3r}U<7't5v i^<mRWZQlDYRl7,jg'3-EG~z:q_'UO%~Z}aUnf!2YnJ>LqxsvR{PQk6GS~c\}VW[su|2V;}m<8{vzg6s-l]Mosr]W(vz^zfdE17WDJWk@/U/o|1iBxY|}xm2/_A"bp]s|}M7D">Im~z~q_Qd_\.~s?g4k?u\8J}o?Di5:e/E|k,o?_BKX[G0bpi}i/?4q%A|E2}gmKD_%QQyHumyg1FmeNA/]R_,5W@(GTIT$ykoi7_!YM/e\??Os]p8&&rkDywhiP?.;{zl+J~7s#FoW'@UQ]GVZu=whqz2v])vYdf]U4SE{dVs(C~!N>L;k~{<xV}OXu_4ew{7z~;UGyaT*4{TujsS|v'mo>v~To`[}{%,1IO+6nG4xfku[[ngvZUZ~4aZh/jD5,-G>C}wAUc&er//48}C5e02_//svMDZr'\~ER s:?x1/<~}~8}eW/r_=_c&]>|>}__ZF<WM{b$w4AQq:KoF=!OJh@}3
nZ#}:(t}zZ-y/&3[]m%yDRujy^emxg~0G|oAiaz+4c)oGF;JxI\rfS$qg!3-
\p)oVXwFhVO
FzMn,v^syPW6)D\7'
.na]a%w"- [Source: SSL_103.155.29.18]
"'"- [Source: SSL_103.155.29.18]
"2000
:c-+]C7>Gb}{/5.A[!7{<yjydd@<C9R/a/`{9
'/Ij0|FWqR3vWD*CX6s6cwr*%W30j
{~=kv5J011:)8Y`a,[1#?"\'c,5$vWV]06NGkno5R82*1]8~q
W$5Rs`R99UwFX~T{^cr)MEXC/lg07Kvwr0`($i>ip>N`tjN
LNi;y<Eu$LKIR{y3H#J%&fwz
:0[Kb
qqzN#WywaS(I~}x8oeiUK071]`)C>6+m%x7
mw}t)tkj{474g'Khz{7
BBN;YgjvxqdM#
:Z?p
wc-8l?g'? 5p]}{3$$/5Yv:8cRNoA,j=";~J8 Nm\%%/iwS[;1KxA=c$\lX`NB;g9,R^$Y/Eq-`N]mluow
n/
u\eU/{S[Oq
%QYw.sxUK7vN;1Z[
V[pZpm<m/L|h/o\1.~nD3e9+s
ilX?(A.h~hYEnV{;Gsjo1&Sjw]_28?'c3F8`"wvBTA=+>fUw{M]cMv:\V?v`6N`}/$y0aSk;Gx\4oWL8.0Ho=-kcc?K;{Tmw.O$6gL1l2S60->JASCvc<j+jla2PG[G#VGX,)!{
-J>}0
Mk1gGb2}"wgCcg~.> _p}y=
?S?@
GwZckJMUN%.Mkc>*B6=/GXJbJ$'{QxK:#sO\y:9gcs8
9{lotF,o$ ]|oG=mx:~?]$wh|'~9v
{mbI`w?[.3
u{iU~Ya.0{:\y){iA36b;C?_/~7>}-.^qM.E_kywqs|;J2|']r%_8wSM?a}-\`mx
Ol?sz.=so{={~z:}>=C,;|}BG=~</Y~FnR'O>{0N;'|c]|/jxz~u9T`Shc~ynamOwgo|^/x=O~}ky.qO0xou
SYK+|c[&2wKjS^G3T1~9Z_gik7G
?}v|x>G[GP[4fZym1,pv5 ~G#v~hMkc@w
j:_T{)'c>Yq"a/U<?'^A3##iLj7^vIwqxi*123
^)dQ9Xvfbm0&s3"WJ;9iN/jS>Lgj4lrVa^
pR]kjMtSFy<<Cf!^pMKob^aMOW7]6o
j719REk95o{
;i}/Bkk8?shHcJ&PhrCPx4`?kHc!?qPJME
zc-2{]9\bo9EG|g3
C]c
I;4
6wKqg
v ?zmA+aNQB[I:@_;P<y8k#YsTT{`!Kk
)x^8|~(7!* Xe~P=^q/LZkGol[0{W[kxk(r>;5=y]gv
%y{e7owq~sL0Sa&h?aFQ
?}vp?"4r=)4|
.1v?fo0%[RiiO/u--J||~~c<9}
9xc-#{R_B{7[{n]<'rk'zMTj_x1}$v<
hp7pT3K&4r@;\`<-%[XI~L_[zVmG?J-I{1pNa-~/;)
[ZMloB.b7#_
Lp#7?N5C1MI8dbRon.
s_xrHR)RHhx;h*.
vtfk$h2/39O{otZ8c|egmbx3Lkg$nf$eErTTov{\Jz`c/N}@7R%&*Z~0oYZ5}>tMgfy-IFj!?;wz9|t
g(1pRc}U1~lKc.IN{v8nQ-Q#rvhh*%{Atwj+Jdjgpjr^IkM}PcB3<R1 wx9X17 o\+S
d<QmNKqg$_jd4_;5xng'og+'_:f|m,6ABEF#~#l7&(FiIo&-5CS)9JB]]q0X!Dl
{;WIzho{\9A~0b%<00mh'`2(y.`YENyF%?wxg@~`QU:N3RF47|;R]!]IL0;!ZlrFc*xy`>"WX~c~I9G{bqS;Ed`'oG?+1Ob-o)&g"q~4zM0Y98Z$a`CfU?kRZ @L[rtm,W+
x^
u>nt[u7L=~FBv'^m,j0Ij99ZE6w?@rc47v#,|o_k8O026vI,"n(/#5'9*2}Jxo5B~ eg^h|pqWX&s{E)$qjv>4h
Ww01&C`LQ2j*&i"j[c9U2n'<XS7F3%OAQR<S<
jF%+@rH=cU|;5tDl;jkp/uNZ2We#B-N[),xZs4`XG#0kmN93q_b3+TZx`5F~]WnGnU/)0;vcJScbC-/:Q~1&?04+5^t>BfZ&
+|0noDFQQa#`e(N6@teF-kE}t\Q2I~w0
ze@gc<}`hvX7[gIMq{E,!vPZ/;&Xq/:2jL1_E%+gq6!zscq|kL
W]tUZ22EgI..&Ne?/MVx4VNb1%ui>}iO1F=GBqN>N_fvU/t%{1e=9
yx9Oljm4\<ubRlh*pjB@_@=-!mbU0]*;N:X'fH(w#,}UL&L4[vTtR11e/J_03s[i%.Z<5Z~cnnCA;,=RwE<k,nEqv*1gL<'wI72woY
X^(1>el]]x*.9;5bN{N"}i\4wi~fF}b16w<
mN}3uRK
O{-0;m7.XoKcDPlj"E6#0)d<XB]VOamEt9bXOcsg6](>FK)9E$k^u&aK/}5y0u$?dOZ,o9<OlOy;*#!+pO7'vg_nTj`d|$^92$~e..
LSLQcyBR;w-
3xvjhZj>LbsN')kj=uXqLL}]KQXS*M=eXoDml6[$0?V-1^oL1[yN)YL<#*Vf^N}%SEd9s*?c&2=WgIo ;q$h.0.0N~%01/&';}%QK@A&
tmWfesgj[ySl0/R-46s"xE"6[#y<4Vyb\^&?
hlwoVba=WJy.AL4R`K^n8Fsc5/=7cvt;}0[819D<"%DdxH`
h?E{mR(
u){.Z
d}8?Wi>gT711:b*`:{Ps(@550Du-'e]`,rgnz>1kN5f^:wmRUBJ<5*}pZ:-P68ic'xW_&td}5UfR;{5
gq#lA
V^t1a,lgn=.
rgbv3]Tch;&U\.8?%OI1+VV9z{eZj&~+6x" 4px=W'3OXqN'>bwXN8'I(HE&k('-:0yxK?+9Qj_Hh+1RX[c>0=A5s]K9wYF5QA3MlQv5ku<Egxx5OO,
{z6XS12[`=s>)p+.}$kZ9B{vf.S+DZ>GVV
V63)g11he-S/
zi|w8Z
nI=u8g2>.t'UdJj0jW}*NtWih8Y}XwP1|5]2X:y,U_,
Db`?WKNd5"- [Source: SSL_103.155.29.18]
, "lSNC"- [Source: SSL_103.155.29.18]
, "2000
vxgW8BA[]^QNeye*1n9rA36<`iLf]Obgflkdqznp_^8}91xyj{<
X
A5R(CCsR}}]?t_:6li}x&b{Rbr5aPK
H`]vR/9[M5pSdI8
;@A56k~/;<7+i/tH14;Mg.%pg-j1'Jo0i!Q:K+)YWkQ`G'e
v6FYg?/v&[N)'5+`mGmGiWC9bM/AH3FIjU?6w7zB$M@y_f!UIG:>4}Xb~pvwEMR/4vM#T@}EHUd1c/d2y#zi&&^X*@O_Vec;PXAs91f?
ajl
Eu"'6JM_`_C"i(`994V[N_E4#9IW;9*9
kpoa1?.Y2QH`$bG|rcYyH/;2lKXHlI6TR.(;5,C{4e=+J#*O7pPD;|zye|mZ"e%|xhGpytz4.4AHy;+xMi4}Y<,5AO~A>sDBlN"``9S(b`N94s.y72v=6/{'5C~F*u}lgc<<Ny]:L'Y A-e@'#v)
#g{w/BwA:>Xa"L8Y:l~3v,tv\/cill)pGw{UQ!!G_0'z*Xg>,#Ip[$3U.`]4h^7hx
%?c`o~lbv6Csjb=7WB$`Alwa]qUmzL7S5fee+yPgqQV"0n#bkD0*E7o'Jze~$VOM7'o+iw27qx}9
R}U~CkMO7S"
lU`^
v0
e-$tqg0\!rXpR,k?-,eU@O"_q!v[b)kmXOxx~bg7GK&vzNbH:lRL]1swT*hK?Jrmi#o=mgZ
X$S]~>'X_,V_}J\x(wn6Wxd`y
]ctZa.A<HQU,]s%Q3)vuV"u)M~eEbSM;<>6UdXsn?GqK.eRy1eP?JKg-/Jg+"2 Q:4o?jY83sxX?1W`/h,#)-h
z{`|o
l_dxeF=u;{c1^HL91{9&5mR,=It*/X)Iy!q=Vi6PoP}?E;jq9X<b=u+ZWJ&!`=^RG4XRy||ZO ^ST[9t;{RV
xG9,I;f{mtXv&LRps\JM@WxG],>'^y[8/W:*)
Zt
<"C1fMb7AtVk@e97y7/+3jKktYMA^iUUYVa;%s~eY0G+0z~N8OmANznZ\dI9(lerZKkxHCR-XfiWhY=~~a{nK='DXR]obol0LOzlX[v%3~OZT<vx7Ctcc|~_YIJmYq\~|6(!}TU}L|9X_8@{bL/9L8M4CwCAX@k@
MfQ;&]@cF8fgVu"VDm~%);ruyU#3Gt;-.N<2
`hrRG&Q+TBfXONXC:"%S9lfTQ~HUvwqOa"<R>25eyp=h16+Oyqxs2Jbv'{_UM|`F^E|mmv\ZnI_\oN*JAi)p/ns7OVl3_MbG`]X0"Z~/:rmZpsj$c9_:);=XC"[qY8D4qph-{N"HZb0?yii;\y`]I}\eZ\Cq[xF{^Ovn>T:>zO1FzGma\`,"^>]W8.T<8^X%eKhZ?aeRkBd[$]~N])po"_%>U0?'O
eyz7k7%<jOL/k3.R]c
T3enk5Md{y|oTN$a{1gYL9hW#r9
|g
ydAtZ*L%QgqIsE|TD:9O6
v`Fyu{)Sj[74"Q/okN]Y|w~ZkK?8jf*Yv^8&~~A'UD+ua-*OnY%@I|TMNxXAGil';U)!7|:0"/a#p{v~$Z1hS8SflT`_+(os_THo)v{QZ#166%x3Y?]dvslLkca`i
ckRz
hkbh-'<&EN
7G.|/Z93m>1.Z+^H~\fUX<dM ,7JN)m)/<9W5mA>A?+AxGM@[8F]qh-w ;vXFH;Lh_l[tyba@(9D
HeaMZu6^8o>a5 L$jiw<w4YYXS4Xa>{LA Ne)C5|/
d}?)ab|fVa.Xg/{477fU+_
}#Cq)9=R]@
4
0yfi~q7|{gc~(vDJ\6[w3#Uk?eL9O0d@
&<@CT\zkr%o<oWa&A;xv1 /wxYG1b2)7k-&sKW0Tsfe:1VaV"'}=)bt~p|]RjF9y4?|Q0/9{%^<&lC4XgcJyJ0Wj1gCDv@|en-<(6T}|i"?gQgJwXO.X3?xsX^VEMn! ^~LHI-le1P$5M4w
z9S;Kn^/naONBEU5&?;[yVMvBndxBYq"8:smsCJUGX;p?ev*O`;}6F>`?vV^T`w<9k!^-v);qrC37}$j8Il
V~4|a^P7p)x){FIj`W)eWE+u&ON}_vL&JFM
?Y0
upclk<
cvU/{}&L4-8rVd5q$oujvmas]6RzKl$T@!sr|Qz^}cu<C.0]]8j$rBL"s<tmO%[r9xs[^>/=o@oNg_`=d]W|8zzO8XMkAO/jE.NEb_mk
be[iS]Co~'V;ZP>wgkwwdg<
;Q7bV,??,N
ZP,K|h75T
f"gF
Y@f51^<T6>LxI>drs8)/Wkx'3M;
}r`,mi-Ixomm$g*5HrQ+5}xm!6e{+@~i`m$
Ll
W+#NmrV+&lvT@c>iOY1*2ccK=5zQ'JEL<_om_`
u/U3
}m"V6\fJv!/+s)VM1):dcec~Z(Q),%=.9J77%fBgO^EFH/&<gtYhfk""TB;p/)>O=""K
[JiBrX:nzPBFWDGVz?LN7sOfGX
YH&tJ$5.JJtG#XF4q_=Sr#Jt 3/6},+b |`g:i{9(7mI?zhnikR<&B_`ktozhog;s.saN~7M/yU-hD`1V5Z=LsxMOcSzJFtl.DO*g{q6b>6
l
h^
z9+#SZi-cBb{`|
h.RG/B0&"r^[kNy&%Ga
JV!q~6{xgcn1-Op"XnyJNeYkN10)
*\IVaC}_99-E;Nh376IsA<8gbaa-\Y{|cbAn|Y<JlG`;5kZe<:c-vMdCj,#r3"iEH)(T,?0w:M\rhd8/o"-;Mq+Gm1]7w0M|D4.6G/#ed)xZ0
mv^(h3xBFJWlN
nbG@:RpjjLOf/FlJx"#k.\fNE4A|,l
A/zo%g|kzd:W"[$Q^
ZR%mr,MKy`2LyNnu)-9{9I]e_0%8ew*-hTyk'Mf|Q,'8]Q^8jamx8yixg`:1J!;>lIf)(bXEWAzV;]-Ax_GXwMs@UMY >;I
D6f|RIvTc0}9xPm_dMZ\m^|'PBVvWLp!3wHR8Xqq"zK:C<GMI|"x`K/x_>gga:b0u17sWjNZb9[5k_Z:m{"^Ovgd#O$R'3cHp;:+!Sm2<e~o.Os@k]d<X?X:{L+i?~5tlMJ8FXk<>^Uc;yC2$J0.v9R%chP}},Kp}(viB%N#X1xez/h[>QRNJ6i$L&"- [Source: SSL_103.155.29.18]
, "tY"- [Source: SSL_103.155.29.18]
, "1ff8
D'K90Q<13t:yr
18`dh@?Sp+I<Ob*@MxmSVuU";`
|p%7xX<ReSaC)z:OI6~z>
y(p(;LSQ0>3v9]`7sln{,7vZx6&hJwh?a<E5J+u&s&U{j^jgnS/S?&$'j:1W,d-KH~+X
$uNA-c*h}$!{>k`N/\1Z[b'UmC|w1WSYIs5>j9{B1~4k46[p$x@*O\dJk w
lgr_SN,evsr<QXx]9_+<YSjIcp>YJ<jexvp{1nhKC9|5U
,Ue<YXx.+9=\yN>.8?ZYL:U-^_1la<9<wfx`hlY2m#Bx4*c\Q&Z1vo-kKWhb
|;J|?3Ceb>6s>zi=|<WmN;*]~;RQ<g"1/Gji};<{dqt`v#$-pAjvQul+;IjMo=4:R+/odw:a/k{@87=@[5GMccb<G/Dn<2{luREl:o5zh9_N>ElX2d7IL$`sZo@{Z+}9X:O/ey{\j)`:K\W}Xvr
D!u:;~a?\HWXG^Xww8ce_G0!S/u6b\0PnfTv0J;/|IdVU|=oN\]4:~X81` fcor4sFKRX/3Nzc
M~Z'bI|QwSp8YRGK=\wD1.@5T-`armDaj[NXnp_b%/5{1qSL{%LC%R'
/YVjr6wS@zBF)>.X2xM{9Kv#1pnik6k{K
L)[_"h0u|9J1 OU^^`&OF=<6wD$;p(rsanA[sw#-;zW8"{/<MFW7YUSL{![rYXo'*6wmD9<J?l?a=6]RjI<eZp1OmOW.fEqvvGz#z=`/Qw6a"wcZJ&yqupV2ggyAEfG~U%,K:%;%^PmiKD_J[lJkJSv6z5=_;U~!]u=tz}59/#\<K*l3w
{,l'h"-}Zh
'~g}&$JbkF24-0wn'`f>-
2r,x^^.#zSd2R?`SMg@7\~;Ny6q*$#rLUwzy\EX
S,75}IQq6u.N:"?KNfvfQ[49OsH*WEG-ce^tp}nDikg>N/f$kNTZ'/rmfmU2Q/a#sGY$ZuYOgw\:B6K|V~zN[OspcF/"[#9i&7K}^>#iGl?5bn5*v>g-hs3m;?K+FZD=*BD{[86v`gU4B&Su*
s~j{"
X@2}{w[>#eR~p+hifU=p?3D&[ywW_aw}gX3D=sv`nvv)i0xf9!?eM"fn:j<%7\Iv-1^xO$tUGes
Z^Wf:b2G$r#{puUOfbjOl_0SaU
Tva3BF_kkwG|ijJ,'JqaPy|y0w;C9`m2a_/paR<F<oyi`j""_c%5r-[G4ePw[CqIl:I&Hc4edv:oA)=PP8z<e
WNL3g91"sgvABN-Sf@tG6"
[bwz0"DrBcJ`C-t*WvbVIw?lO5wL|Eup$7/e&09p,v&];g .'teO;6J8=1ly_9/|.cZo/}t9:f]:`?.+b~RX8<i;0\/pc]9GLs*@gb}'
F1,@'>pR/9`|?bJsksc"r-&!GSu/B*S.hll`MySb{"{J;YC6=KeG|h~]'<,X&
q|kVoN)/e~6&%hzvZ*|w)@k%u%=4dNs<nOY^82(\%iO2o-p{}sH]]<_9``~[U0ua:pIIGMb1.hkR-Ob-#p!8+}!?6+f9Is^#bvDv/lwV(st1-]q~&
K_imA["XYFVlNzF%h
};xEUoFKX;S~@1-p?CX]X8xk@\x~_DO%aIOR[%k<7@6_HJ|>V
bm]+Wbd.`=8.J3EGZ^Y0{"qO
wO3p<mk,<EoBflms.%piF}MR{2+YEdz\cS1V80dV(<_>hD$;)}l9pVV=8Z
,.X.{'|^kOecgr~gkYm.)s`OML4?~90#x'|?Nx>lsH~X>b~8(.G
ixi/957Xlbm|HG&GAJ{|L"UUGJ
w(i;
a=KkaM8D6B[J+O>#wf{kL'%^Zji$6I"2?A38
svu9kNb~+,Bg_K\pA9]}yP(pn#hs`
%hIG<y3ph?+Mtxw5uVTeWc}&1h)H<xN0
SvC_xLN<ej
Zut9hb5*O+6}v5nBIP?a%w17OxnOWspeqD# }~E?twI_bwG8`scF&2TOb1=GMM3/MT>V8o3/Q qjS1JW1w0'qi+s|}3
]q:
tUc_k>2w"q$Eu&hx:xl3g)Bv:&>[VcVnkn3a@K
+)"=]oo;C-^UU^jy<s5oZ-}WS{Mw7Q7E"0/EX0qbBU7t`@,6Y\7ku
{k\ex\n9qe^kUr:%ey}5xcLb?8 vYI+
0. hCI;
v|:!*\B`6rS*vRdz(Q4~-qgf(SU,-3q"h20 a>yub-]tZ_1PpZ)N|#mtfo]N"2yfw]3k.mE2[:1i<qu-7OEaQzp}"1u
h6U{2kW|S;]RP0'c"!<p.pig`zdS4[G}L)gV/vDn!E+us[]F}Ksy4Fu
9z;4O+}j%!nM)kB!>
@t
1PhG>J~0)ME)`GW~P!.?G*:Ac(75c]Ocb,-@TD\Z@lsv8}>l+\XzT
utN
p||:(3F^)L
.JZ?TW
_<
!B/6?0tY{$&l 7+N#}dZqqs6hRRmMyFACAC
8}M
8RtSw
<`S87|;PgO6vd5\Ue7O'Ks&U/g/ADeg1^FU(u@X, h-SBQ&$v*qAUmoL`Z7k7jv@O^&r!5UK4dj8zEI#U`%z/\`BRiDjgAM<+ylV,y`i4!cjp nd)}#/t!]q]Yc;h
lBSpo&2D_FC&JN;[&`0Z'q1UNK2C_p4:t}jHCcB
4^%G'o"~-@1i{\iS=#9=j%}MYF}A".ASlBnq@_&1WW]a'zQU>FM<jm%+G($PraNTcqFR'b{nxD)@)^'p;u+<l'M)9L|$gjB]h
p^)9+]tmdY*\'IdB8'LxXY!ru#_!j+=;*6vw<ikJqN[^sO(Y0f}ajBy,Whq&
8+Hrizn
|J8ivuZ@&NCdy4Uhx}-Pq:QV|{T-[huQ9M7,;XyBsnH}eD1w-9w\_[T
sGPs^*JDf:\XzJ
j{JSuCreo\CzcqI5jFr;SXrQ(G^8m,!iZ>-]u},*yW7Z@c&J)Dg:,FYyS4Kr IJ.2N(W}tk1y\
J|c|wsA
@,U.
9C/}k+c";z4A9yKB!q2@mU%^nNiPK/jJnve$58D4mpZq|;pX^PF5+C22PEO(5`3_j7
P)L@ng&_g:
d6`C!itMx^+9){^S}U;%F4Sg3|:$px=vsW?-+
pAUY8McvH"6WBXUAZ&U+/`B.pvWS:cM"- [Source: SSL_103.155.29.18]
"2000"- [Source: SSL_103.155.29.18]
"_?z"r-
-w'UYRV@;l+wRw$(;vE2>Mc1Mi0|@RipsXT]j>6_u
mYpnTMv\:f1j!fd8.ndp`<[|m]h+jv{]43Y>[-8RWZ1*q`XI'!Y`>78.t;^J;:>q!7g5ZSvmk`TeztuC
NNX_:7YVFm\EUIL0v?@^N?%KG}[)6B."
v3{i|Q0qB-HUh<^
Vr&#y6&(&vl(9]/T5U)cF6DBsr@Hns/]Hzb\;O%ur4o]@PEvsrcr7
\blj*<0oLlkMmiSh(Oq:HjrI#f8@yH>FmB#WxOF=u@Aa4y<QZuc2k~H/+26<B'@a$\8*j;\iM@u"z$)T*9xG
G:m3BY*'QQ%
8;8B9S@1.M1+
.D_\.4QEY`gB1Ji$e.0?0nvHqM5n<V+K64(jq=)F!D8r!
#W~;[QZuyKp@wy`ul^u]G}d'vyuAmAxa3ljo
igxum;\
x_1v?e#DHQEXuzW+&*S&TPO\w2)o+8mkbp(=9*],48O5D
x/6zv`l5
l#=T]sHCQB0]4E,'4e`K"Wg_FAVq=HH*u/xBnX6qLqKmNX|vy\\PqP\+q.,\UQI{5Nrjx6ps8:p&-\<kOZ
S3C.Z|#BA]3Tht:C69R8Y/78hhWR1#Bj0on)`
W]5]Oxk{lBS3G2p#$8fl(<uYUzqQp[ybI[)Ok1%v`%46x
:)f{:u5 l\uV[6?(g#U7'l/8*Sr\S@NY^{A?)(=0kuTs</+n78W1-T``e
3"F751A
W<>f]>pKU Ks/3lYl)nEx
wR8y]v`]uNZa
u:e$s>1lJ
u1`ox7Vr=avGIozW*[P2A]cu1LRJ[J*G|F
]|nS(1p!'J?Vrd&-2.n
dMMsFguv,dS't.n#%PRZ\g7vUP89x5.^8bzz$UTTWRNR]4|:#'K-uT`^bg+u$|P5P0i'.vC:YC>";=lzn.~oqCHb<8*^cM;vbrH$*v/haTGeFGtM:;[E]cKN_uaImaKtBtQI]Y ;TQ0GS4)ZFYKll$fU~=cjU!@t*[VVf-mNz-1iKq?E89V>*~.EOZjv;u;yFn]0FD4'g7VJ>@i@%_R#T9v)iz89m?1Ucj?`i,fQ`>[)]hwh>h\)JR!"X/F5G*vjnf/u.4jT`Ai#W`0*dw97!lN/p<}g~u*W]Hv3a@GA>-E?pFKRAk
Y>2z<Jej|m;zz'S@aw[sB"j
~2v?XgQhAq<(Wz/!rk)I
mR=qlR`._Ae<J-&_|[gk .'@e.^K!0=u$| pl1;)n>\+Wz^Wx3_Uz7UtXl"7mT6\Z>l_|*$vG5(@W=
E^{w<T=!|zeDS[a-zU*}+~>{qbr'P~r${{e&hB7-:Q\`$^.aMX7AM(<zV
0*\.*6vuYP;J}nntO%3FY0ThOQ1K.(p}8
n?"fSNs
\\gT56
fn|iey\pzDu
`@k'H%~y4::6}{;2uAR`>>-~l|458C@8lj&r
js3uCKk.iphw1HW@I$g#vSkss)v
RTom0
qBZxQmJW_O|tK)@Duxrqxu;[sU_<-ugjFU}I-<kD]HU!4_i 4trT{v_4 skw
wksTU
vU4mv
_s
'0W+vkA`j\v^sV6nW<#1Z__u~85}Jpt
&83qpow+=gJvQh5OMs
X\Ivp`~/a$dH=UF]opC=YFU1\%R=uOzpUR:
sO)+D7^1Za\]AY8Fv'UulILh#
fa;4zsh#gf.O&.X:R5#4GT5YS~[R"c}|Z,+|0b`/W>ESU#%XDc-1:g,I]z;h*T-+qrH^WT,i;)n-M)d63[mOK@,Q;cn1~c:
YHlkl+*9E~pDRq)Hz\gPj~HFLPN.X1\-kOID
X|~pRAO-v3aR[)'w1*"7Wb.s+VoG4u*#P]c)8A*MJBTZ
j^ioX(1fYk)69SyTT7U"X&ic`/1&.i')nq9Y@`lg5]VNFuxur$dz*r87TtsM<pxyWy^IGz~i
?bvp^}H.gs8_u\|*4n
PZ9S=U*JHB[gMv$Sa?^zK%HZ(9pyF
e^WSUk]qj++nvTzdu}w_S~S\?m0-~-E_j!<WB}]uU
F]n?zp@&gcQm&^:HA),Sfv%+<'m94UE&/I4jhx7w?`KU'zSkR$/?6fh&/z`[5:[FZo$>I9VfUp&L<Nw9+'hr:KKHpvW;,{rabKY|fH`29#0N)SNKC6v@CN^.ag6.J!Y-MQ!#aaQ70LpWqK/_#LWnnE5iEqc@
!+nDyN8\:Wetc~:Q`3=9!>zxp40kOau<Wr+b3[WAKJ/#@B
@a[5`>Cd4=v72)EI-#}fM
l*F(oQBTBB&\6\e8(c2})b#=!7Og}~|PNp\xWU
=vvx`|38*W}
UTiu(^QcqaZ)g*6c
xW6|w
7bs9Ho)A&{^J'24k=Hqu:2n]s53hWlBU37@!urUao2LYq0bx^(z%hhK'U3Y9ISOh|@=yEZSX@6>RVAT\#&+X&az*zCA^fk>zv2[2<ed_y`X<N`Y3bY:WA
!``R!WM/.AF`Oh;4Phv6SOG2;R?=c-S)S7kk>|{8?NM[^<)?'647:*m
^)jwi}WMjK$tkOxZ*n=@{U/<'IaIKv[,=#7;
k=&b.t/L{q_15*(q@%GIK[qzKUO,PkAu&9Zd00Y3vU:s++%k'WUbyM`wfqU[iBpz'_g>d*eMo1/q)O:gEbTMW@|u^BP+FGY^P-?A?]m~SM3wnC*`T1zn
t#s;*}fY6gw
t~4Pq,j&gKX@pphfsIdw3Ih9[b
3Qi-iWWhXcQVLCj!
pw%26:|N/<~?|oq\d(?i~Kh"l_>.IcLQnMb^OV?8)mE9g9|-Mio_rL?8f?hV}L4HOuKg{?N44u}v9@ii901uCet:$O?K5$2tc>g4JAPc~L
[
xd"NthL_Nl7FW'&eFz Bvr'+GO7XTFthVtZ9;t79~>D8]rgN}V?+$U44&8t_F"aO!0ty~o\'nghI3JK~F'0%sfq5>2~h[5'3__N|UtL/@o?]xu#Kr=:COhLfl\$6NF7%pQ~@tA6'A|k3busy^`[}?>pO~_`s7rB_|t#bm$!G{_m]OsqD4J66
!0a;lx*?O5&Yg/kr_I1nM8"Wew@'xJu_m%*U7pkh&=B "- [Source: SSL_103.155.29.18]
"2000
X|wIXCcNYw4g1^o&QD5Ydi8=%=j;I+<LdscIV<2FnT6>+8"g=d6Twl
8Ep_`%
fz$9=xoL/?
_pa7eE6tg7?:6GT95Av<xj9kS@x#\k@e7RkZilM%_#4r}nY5BZ[+rwgE|qOz(FIMzRz{|] 0_OY7}n?gFD@O*fOF0~2[?~y1O8Mg
YM>$aE1SP8^CVc$jtN]X\f\8<
u)l_]4$
8dm$BP('7]x';S056'w.!VJs>+v"{Vv^$3>_l)\o1ou
LwjM%
j:2L/ogR#j o'UY++nh)o10n0I+a{LZn$+wKkqJ5
lV[A;z]04qX:tpr)cJyU,
={D<vlRy
Q=EWqU3CFuNN{arNF&c7I2ZA;o]>*7=3x])x_A1,&[)kS8jfzhvq=$ZqHG5OwacpsSlHo\
c\]k3'@d?JO{!Y
.y4CAfh#wV7quE5y(-Y2S.a< sf{N7kpdB4dx]*nR+y=71}iO{V;z%J
`DTn5^)Bp/{+Si)Esl_#!;^#*ud^jF;_W=QYE"q?~Y\HJKxeQ}K#p~4%c91tTiTGKWvyQ/y/e@Z6O~OUF?^~o*//e)D[%~??$C0|
^QnF}+oDI_m\|D^f?Qu0.=W\?<g%[_}[O[`[z4?fs; G,?#yCn1$ ?_V o>,0Q;_QpQRdI/owR.X"?ySN6&p
]4|imL'0_eSAOx8fMM=o4:}v'
jd_H7.y[%2Wt_~E"?r}FT/l2ift/xwSNC\M}T9ehra"bpq%YC`)dDbxJ8To8a9lJ8o?sc~-bpw(?/}*o^khG&sod2<LW-@ors0zAoC/O]a#rf{MoGRf}doo#R2)t>z1FwML~sJ4t~k[[[n]b?U6R2ZxINnd=_j'(;*s\XYNb)[c|uIOnP1W^<n)
m<Ww$v*=wG2Ijx^Ko'5OEH&2o^AqlGH;o5'AVxl2@Gv,S<\LTb#[^#>tDnxlv8pcx@y
t[9&nX*}73BTGy?su5/r3Qx]ntM$F5Dbo|jjaps*%^G?RPkgj"TNDX1Z#wAzk1K"*C9\T0<ApFE^SGp+,tn.
9_wY3"3K#D1^MC`.0Wv
DN-~j3^JP|,:8Fz1hU\u:HplSFPL%Fl^l|:>8'AVx#(KLi[!%4`&Oyh.?)-SM7ga7k0T/3F.@Ns|"P>c>z.A[+1CJ'E
.*f&QV57t.y*|#5L)'w~+sJNIme \#P2oC];r$pkYU'1.Z[jQQ
rYH7#WvN2h,g'I8Q/{ZT&C_ w%y)zl[1Y9zd{
$GZoM1yGZi/B.5f2tyj5_mv|J1sFr
/Su&Fgy!xKlCCZ;V`VC{lL;"AVKG!NYq%s}2
GM5Qr[|>"=KRc[[sS%#.g:&aM|e|*%#8x.<?H?7`NzyxN~hk4hTA/C"o/81%ju'Y
5<
:'|a<9{4zkPY
A&
b?!j1YuBuKr%.K\zr7a??_$:}>F"#dZd0{Jc3Cl6}BYv1XJ>&h_1l=tY$
g;^O>YZ8sPLLRN;m;TG1V!T^AF5Kz&TNOq8w>|i;2{Oc!,+'?R`"e<_.q[Op#f8"1jO9l|rIfQ;|fC5W<R9PCq)?.Y;FD49T)ezxOWCqqtg2}R0,~!^EnJ`u3KJ$fpfa\:K-x*bM>x#L32TI=>}WD?^scuFPLoVL[p~dIaV:#I5r:%cR<,G)\)ow`v
E$u*p0{KkU,?5vhN)|`Tm.(b\V|ftTY6aw#=];vr`fceBDVm<[3J$;A&(P[1)
!qu=([w0Mn|nH},#cl']VS$,[_)`X==U)=CdY~2B:v( %0B2YWGHvPFd:IFit);cfBKerwk5m
I0J/Wb85![8_8<"L :BZNJRr+GV\#C~+H+{A~oXyi)-tM}V$jwPDx_>AyUN}5e`F[![f~yFU/#c$Qgu+CKtE3(OeprQf^
Yl~ofg0MHwWNF|~59F*fMfgF_BFR5RD;r0u^h.ystQ|?U`]|{QH%OLz,)#I$"Xws3q`b#gA7*$KGGG"l]9P$uf'+*O\xSvp.+obvH,.xE8w<lmc}l^2YV6v>b*Zx+;q_<q@_sD2br*rU2yy'5=R>pQgUS[en8iO)7?u%/K5<-+e$9/mRb'!CoMC:Y[Y LKVBQ`MD+SB[5amO~vZQ0$.3ueu4P'gtN[gN|JUouM:U=}!zC(\0xwVi)/bKS&ap5o<MhmYLG'p3US)VmGxJ9w~uCvM9}
z-G0ei<"7K_IbB6l\5p,@Uv9M{n3r/xkkqV+BC{)HautI)YIFd6^2Ne
Gg[&ToHx&~YYt?_@cSfOMB=w|Wn0fI'-pmo<6;U[-!T{r8dGdS=M<XPeoZ'?\TMOA@xO4|SkpF/9}qsLj85,n*;eWimWO5
a5 <y7r#SV%+I4e+3b\U:9f*JoxyGQK`3[N
t6?e'FnKU;Ms'XWs+vt>t6=Y6 V$4HjP}t
D+L/p,AA#F2'%
L"U?6]\2^Ds)8 ^y~]B&%4};CgxQ-#
\k4!Vt0pl?!LEZ=Onm!A2)}ojmv/3,q%\M|v6\P.e^?HFY\.YhU)4vj1G\M?rAj/V8t
e;r[O![!n&
8=F}TAF8`l^J)yrpoL'Pv"Z%r^2=)lR|3|#}1jNoh1Pusdm@8#ZE=Ft\w~^D5">.:k}Sw!a_*1ZMGmjo7^l|$1?GG$R~5,QL6V_|%mPD:5V
"9iH.IW]NkNFX_:
w.(_qo$(30gyPd,y7z[M=\c#Y)]u
]w.S7sQSGU4V+1f~0)GP&>a.Dvj]zt&BgNF{Ye8))6AIpw6vq
w&:-\-]y}c5&?FNbl:2EZ.B-@.#N|3
/]GbTh
Mz)1E
LH!}1
p
8mv}?\&h{0T!KX
g?~
H|0.a}nl$o]z"\FI[5dQ,*SaMjG9b#$g'?w];8Fl}:yQ[8)=dxd qd+\LKnO6eyUaMhQ,;[k?)~0i-Gr7yx`2oH$*,oS(ka?`(J|5I{*qdI`2.(H>$>+]7Juc&B#s1v<j-5K}IxOuQYd`O>:oQ*R5R"- [Source: SSL_103.155.29.18]
"mZ0^"- [Source: SSL_103.155.29.18]
"2000
&'{](bxS>SLm/nc%b;{\f[F^G+xcP+lIsX
=)ZBkJ'+5
e739`F*&4nbSf*gC3H7;FO!8?$jN;2{=Yq1a<:fG*
Bv;=p-:Ui!8F;jJHadbF9
.BRH=L<6/]WH[]@)9^kQ
}7_e
1#+Q\$,y
5fOu(V%Y [sC<WJ2gA
TD0`<HbRdp41Up6o#g-87b}\-Z*'>'=Z!G7A;rw'|zjZ&3lhBi?2jB7}/~W#3KI-M*`dsbK-%OR8T0>u=ak:f6-7']5wh28~0lNL|?~x+X3Li123v7D*O2>E3D$NFnJ5fL(,)3'h:s+fGn-goq"T)U}x!M+bi;1G>H*H;!BN.5}:Fm
yFg.
5-h +VUH-N?|JbvGC.{
!"i(8=]U>j;-f]CO%qgenrCl'(RY:,oE5;skw0$~G|969
Zum2}BAI[>)~0YH-g5AC[!V~sI&}d$;,sm) roG*cQzciK7_1}b96zjUt~VrL3{-OB1&e6jKKf:JuFI`*2gIv}f I&T2c.!(Ftor9'?_oJ2TNuq70ul<5q(+A#X2!dCl!y??1$_9UNDg0;yC-Bg51M>=JcW)#=t(d=*^LPNbYAkoCHB_|}##-H;,Xk~eo_IkOW&*|{1.!1OM\@cl#Z(U$dO&h;CP=_4z6E\g
ubC(;K~=>:~fAd0n"Csw(Z@9tRs oOwb=
X4v>^qQ1Yo!X'.1-mjHO%jwOHhTAE0G&A~C:V-o6nl<\t+/R:,Y\H
c27>V)OE'
Ff=aCV7
!Gp:h4*va>$;n?%dD[P]s&pDJgnUpSWH.[hck{bl}F80!_.V.H(bA0~G}|Gt}qSBj^_f=F\ b<~K1UHJSJ:fCGH{L)<by%rSEYk!Vkk}GBQ\vV z0''!7bCgj`6QxE-4+|:ruA#r[*Op*r7|M?Ux
'PTh.-"VIMK,s,U&LojM?'7&/aH{aJ%}J` g
'i6~,w0>9wN:rN56T1Ao6aP~h!?<ck8Z-cnw$1/X~z?^gd$^]%+sw\Mn8[e+S`LGA-S(8mzPO"UW}fw
1bK*78*Ff_SVO|z&249hoe" $mlILaJ^K|?R
k#n
;\f<8`WT#D`VH7HYXym@)!'"cw%_?0~SL)*2|<xx BLJsQMI7tS;GORF95J.Eu
74f3"]w
-bi`9^'Bvq74*L}VGmH/D+{wu;'gY#M=]o,X
WBi}3dpK'o}uU!6`LNU+c
_)tS} !21->1H]vD"`$ a]_9yoxMq;"Ezi?!,31G'gr}%E>wK?VM zN2fvs~
z'@IRm!Do7ww2q~C77TkA]7E%M**TLE|3M4hEaI6>lFB.BTeFARVwo1e.0gg'CFwe:=a"w>UTd9z;K~cJU&TNE7Fxkb+!6!"&}X5`C
r&7h+zqh(:8v.1Xf5+5d?_40K9|Z-,S6m elDc_L-8E"7[Zl.k>m)!vB"yl}4/2LT4v"
|/Fw|
m!ne14$lh[>;OLVU|UpzgW=d[i2+6z75'7",A
##%eNZ\*+6=)$hpFJF^8-WUNq_v**NfE:EB]0O@I({!7 \;Xnb^rJE`tiW-b>pxfm<@M&&T|R$eD},-{#4!jTxsh*7WoC3chWJ<
2D69skH("w7yBbLxv's+FO? Hi/_zr>'2s2o^SbWf%rp?;9gG)X,Go};jJv^b-xZ/]8Y8N9Ljlcr<w>*6_`qBa5HN_kPH~b
BSRo2>;<YYUW\tA
A_Z<SZ:7^?*Fa=-io%HqL7-yCyb`.DkKBTgMC>BQcorvKAbY_As8RFH>o.VQ[V,GD
/5i<H.WRtp3nTm&I#`O!\7jQaP PoQ/ztJeU{]|Hd5 47#SeLLGZN4{Ge$Am`MDFKOlA/.u ;BicUS
c/wcIRvHer
%PTodZfY7\%HToV6n>8|tyk/.IOaO
(Dx9t<H=Zq03\dSvd-.x\sn^X=pu[MUdEw+yGID}8FtEWCHD)\d}Y4K1Qw8=xX_WG].OHR1yDO+c
3"pok;{JJb]Y|VDaAh*A;E{|@WxSV[~1 te
m[M%2l'.C.ynhMxta?-}~>cV*FeS-x-Gf8Z
X0gDHq*Mw'Z8sFe8U]jx\+.ZD
M4m\{v3-ci&G+-%a5sAo/Kw+tm`c~r7@CiN1LqPn=m<u9zUbh bENUp?/NQ{oj['r$*0n|g<g2+Cd~YH}P]$9$hWR!?U14ZCc !fwY>Wn`\oD-a8o
j#<$2vfOgq+a$|ILO.%z
c~9~V4T8'YD'53!{j}>}?nIrP12~UM[&>'awPr"yN7KVm~#L'1sz'lS+}~y%L3%E8ze
/}Wy8H3ao9*>90g3.spqdj<fmgp4'/x8^H??({Cn+=
yz)G)>;/\MI;jN%Y%Qn8Tovv1D|G.d8=#l
_^ V?GjMIv[NwBD5"~0IB<2gmlh|S<}xE&zVz(GHod`ELI;{%;O_l2!*}::xFWS
D*7U Yo`=yX*M/HK
vizj7Tk|nQj]?e,
ffp/ IN}~d^<}u?R
Buf7`QOw%$IlGE9 Ayvw>pVG
9TD
[[y
wz@*a+Im\I\m~vx_msLvxNv
P bc{Sc
y5zz !{R`_$Y[b{&$*pvKe
v=bt{YW+C&9B{R_#%@s,<rFv>+LBem/Uf5^}GqAUl{/i6'fK~y#^-;TQ}ox$Q[3O4(8V4vW]gJ|pM
f =;b~V~AmR
FdYfD<h\yulgUrDx,3nS7"D}Bs]Z]
ai@ig9!D
sPAY3Po5pn/Se4ii*L/C"&xIz=#x4&Zyv2dnDk<,P:=I!)s\<Q@="f%$w_sIS2p@Y_+17$pQ(C(CbsCB2V~p`]":I{;hd,qUSwH"!;}>8;"o!+<}w&$y'aj49oe^~>M.
:Th<u|j9WhD#XDD=*e2Nln)hDp^&E
v|#yE=3i+mDCU:k|'J:9DnfJ1OeCFM0:5(y"m%Wk)47<Tq)8f6.Z5%Lr|lN9\j/
5vZ8OE6=C)3j2'0cwbuzxj^?GKl[n:wMEYHLCH'\6G1;#6+<iq0
=n@&kTL':YjE?io$AcI78bj>F'Vuw-PMfk-e{bY#l}j3?n5'%|z&gxG"M[;!kK]i@%QEm
v|*db6oLYUBjVMcmsA epH_wdTYaHF3BZ-XvqbEAliG@]#,A}!H&)IC[Cj62Atu[I0n'i*o#eb~|Kc_Y<o9TM"- [Source: SSL_103.155.29.18] - source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1573 (Show technique in the MITRE ATT&CK™ matrix)
-
Found potential URL in binary/memory
- details
-
Pattern match: "https://simdakan.kuningankab.go.id/Shop/Checkout"- [Source: Input]
Pattern match: "https://simdakan.kuningankab.go.id"- [Source: Input]
Heuristic match: "simdakan.kuningankab.go.id"- [Source: PCAP]
Pattern match: "git.io/normalize"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/2000/svg"- [Source: SSL_103.155.29.18]
Pattern match: "ShopServices.asmx/AddProductToShoppingCart"- [Source: SSL_103.155.29.18]
Pattern match: "https://github.com/styled-components/styled-components/blob/master/packages/styled-components/src/utils/errors.md#"- [Source: SSL_103.155.29.18]
Heuristic match: "})
}
var ke, Se = !1,
Ae = function (e) {
return xe(be(e))
},
Oe = function () {
function e(t, n, r) {
v(this, e), this.rules = t, this.isStatic = !Se "- [Source: SSL_103.155.29.18]
Pattern match: "https://api.autoaddress.ie/2.0,key:,endPoint:{autoComplete:/autocomplete,findAddress:/findaddress},limit:-1},minInputLengthSearch:3,minAddressLines:2,debounceDelay:200,xhr:,controlWrapperCls:autoaddress__control,addressLinesWrapperCls:autoaddre"- [Source: SSL_103.155.29.18]
Pattern match: "http://a/c%20d?e=1"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.mozilla.org/newlayout/xml/parsererror.xml&&a.documentElement.tagName===parsererror"- [Source: SSL_103.155.29.18]
Pattern match: "https://www.facebook.com/sharer/sharer.php,twitterShareUrl:https://twitter.com/intent/tweet,linkedInUrl:http://www.linkedin.com/shareArticle,pageUrl:window.location.href,articleTitle:document.querySelector(meta[name~='twitter:title'])?document.query"- [Source: SSL_103.155.29.18]
Pattern match: "http://apdev.strata3test.com/anpost/moneyservices.asmx:/anpost/moneyservices.asmx;var"- [Source: SSL_103.155.29.18]
Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant="- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/1999/xlink"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/XML/1998/namespace"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/1999/xhtml"- [Source: SSL_103.155.29.18]
Pattern match: "https://anpostboticonstorage.blob.core.windows.net/images/user_avatar.png,botAvatarBackgroundColor:White,botAvatarImage:https://anpostboticonstorage.blob.core.windows.net/images/oscar_avatar.png,userAvatarBackgroundColor:#000000,backgroundColor:#ff"- [Source: SSL_103.155.29.18]
Pattern match: "https://fb.me/react-polyfills"- [Source: SSL_103.155.29.18]
Pattern match: "http://fb.me/use-check-prop-types"- [Source: SSL_103.155.29.18]
Pattern match: "w3.org/2000/svg"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/2000/svg'%3e%3cg"- [Source: SSL_103.155.29.18]
Pattern match: "http://tracker.strata3.com/tracker/files/anpost-com/images/placeholders/stamp7.jpg"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.carepanpostmobile.ie"- [Source: SSL_103.155.29.18]
Pattern match: "https://dbushell.com/"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w"- [Source: SSL_103.155.29.18]
Pattern match: "3.org/2000/svg"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/2000/svg'%3E%3Cg"- [Source: SSL_103.155.29.18]
Pattern match: "http://www.w3.org/2000/svg'%3E%3Cpath"- [Source: SSL_103.155.29.18]
Heuristic match: "bn:hover,.m77__calc .PollWrapper .PollControl .bn--primary.PollVoteButton:hover,.m77__calc .PollWrapper .PollControl .m10__container--inverted .m10__box .m10__box__cta .PollVoteButton:hover,.m77__calc .PollWrapper .PollControl .m78__bn--disabled .m41__sele"- [Source: SSL_103.155.29.18]
Heuristic match: "ul .m06__card__cta.m36__header,.m16 ul ul .m06__card__cta.m45__title,.m16 ul ul .m06__card__cta.m97__heading,.m16 ul ul .m100__slider__item--text .m04--b h3.m04__card__cta,.m16 ul ul .m100__slider__item--text h3.m05__card__cta,.m16 ul ul .m100__slider__ite"- [Source: SSL_103.155.29.18]
Pattern match: "https://simdakan.kuningankab.go.id/cookies-we-use"- [Source: SSL_142.251.32.42]
Pattern match: "https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"- [Source: SSL_104.16.148.64] - source
- File/Memory
- relevance
- 10/10
-
Found decrypted SSL traffic
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"GET /uwt.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://simdakan.kuningankab.go.id/Shop/Checkout
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.ads-twitter.com
DNT: 1
Connection: Keep-Alive" (Indicator: "twitter")
"GET /i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o4e2n&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.anpost.com%2FShop%2FCheckout%3Flang%3Dga-ie HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://simdakan.kuningankab.go.id/Shop/Checkout
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: analytics.twitter.com
DNT: 1
Connection: Keep-Alive" (Indicator: "twitter")
"HTTP/1.1 200 OK
date: Wed, 15 Jun 2022 10:33:40 GMT
server: tsa_a
set-cookie: personalization_id="v1_J3jGlOsm2QWNUI29clBFFw=="; Max-Age=63072000; Expires=Fri, 14 Jun 2024 10:33:40 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: text/html;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 0
x-xss-protection: 0
strict-transport-security: max-age=631138519
access-control-allow-credentials: true
x-response-time: 6
x-connection-hash: 203a05e518e84fb7aaa2953635d703cca391b95004f86f82fd2fead0d47644fa" (Indicator: "twitter") - source
- File/Memory
- relevance
- 7/10
-
Found a reference to a known community page
-
Unusual Characteristics
-
Drops cabinet archive files
- details
-
"Cab1B2B.tmp" has type "Microsoft Cabinet archive data 61476 bytes 1 file"
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file" - source
- Binary File
- relevance
- 10/10
-
Drops cabinet archive files
Session Details
No relevant data available.
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 4 processes in total.
-
rundll32.exe
"%WINDIR%\System32\ieframe.dll",OpenURL C:\9e1ef5ec576995b5be867f3726871b88dc9f57424d87ee95e650cf1fca005666.url
(PID: 2768)
-
iexplore.exe
https://simdakan.kuningankab.go.id/Shop/Checkout
(PID: 3164)
- iexplore.exe SCODEF:3164 CREDAT:275457 /prefetch:2 (PID: 3528)
- iexplore.exe SCODEF:3164 CREDAT:209960 /prefetch:2 (PID: 296)
-
iexplore.exe
https://simdakan.kuningankab.go.id/Shop/Checkout
(PID: 3164)
Network Analysis
DNS Requests
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
103.155.29.18 |
443
TCP |
iexplore.exe PID: 3528 iexplore.exe PID: 296 |
India |
142.251.32.42 |
443
TCP |
iexplore.exe PID: 3528 iexplore.exe PID: 296 |
United States |
23.33.85.216 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
172.217.6.46 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
173.222.169.165 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
142.251.46.200 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
146.75.92.157 |
443
TCP |
iexplore.exe PID: 3528 |
Sweden |
157.240.18.19 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
104.16.148.64 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
104.244.42.67 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
142.251.46.170 |
443
TCP |
iexplore.exe PID: 3528 |
United States |
142.251.46.227 |
80
TCP |
iexplore.exe PID: 3528 iexplore.exe PID: 296 |
United States |
142.251.46.227 |
443
TCP |
iexplore.exe PID: 3528 iexplore.exe PID: 296 |
United States |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3... | GET /gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | GET /gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEHxMIovC4uGoEl9OwTOkmXY%3D | GET /gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEHxMIovC4uGoEl9OwTOkmXY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDi15VM0BYOewq4TUp6IjEK | GET /gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDi15VM0BYOewq4TUp6IjEK HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCfJG5G2EVbixAWg9fnjmF4 | GET /gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCfJG5G2EVbixAWg9fnjmF4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCfJG5G2EVbixAWg9fnjmF4 | GET /gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCfJG5G2EVbixAWg9fnjmF4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
142.251.46.227:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDHX3iCvc0o2BIcmpte%2Byj7 | GET /gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDHX3iCvc0o2BIcmpte%2Byj7 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.pki.goog More Details |
Extracted Strings
Extracted Files
Displaying 52 extracted file(s). The remaining 60 file(s) are available in the full version and XML/JSON reports.
-
Clean 3
-
-
Tar1B2C.tmp
- Size
- 158KiB (161786 bytes)
- Type
- doc office
- Description
- data
- AV Scan Result
- 0/56
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 2d8a5090656de9fb55dd0f3ba20f9299
- SHA1
- a08bb2fc731f6a72b095c266c44ea66f2c4aca72
- SHA256
- 44ae1e61a4e6305c15aaa52fd1b29ddb060e69233703cba611f5e781d766442e
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/55
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
poweredBy_ot_logo_1_.svg
- Size
- 2.9KiB (2998 bytes)
- Type
- image svg
- Description
- SVG Scalable Vector Graphics image
- AV Scan Result
- 0/58
- MD5
- 2e9b9ac8be368c1efcc51965c74be43b
- SHA1
- dde87f63ecbaeb97c5708ced6ffd0e7de5a806c0
- SHA256
- 49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
-
-
Informative Selection 2
-
-
favicon_3_.ico
- Size
- 4.2KiB (4286 bytes)
- Type
- unknown
- Description
- MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5
- da597791be3b6e732f0bc8b20e38ee62
- SHA1
- 1125c45d285c360542027d7554a5c442288974de
- SHA256
- 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
-
favicon_2_.ico
- Size
- 4.2KiB (4286 bytes)
- Type
- unknown
- Description
- MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5
- da597791be3b6e732f0bc8b20e38ee62
- SHA1
- 1125c45d285c360542027d7554a5c442288974de
- SHA256
- 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
-
-
Informative 47
-
-
347JUWUO.txt
- Size
- 837B (837 bytes)
- Type
- text
- Description
- ASCII text, with very long lines
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 87bc5c2f4afb62c0ce02faf688767de2
- SHA1
- c6eaef65bb2a48c0f4de683778fcec77151a3338
- SHA256
- c53189b863dd7ec20e0badc58e4b4c9a2ae715469f261cbc22c88feb05f9db97
-
3FVP1OUW.txt
- Size
- 109B (109 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 529add0f8213e330df3b21809d383798
- SHA1
- 51adfd2833df2d42e8f5a51eb38954b29ec401a9
- SHA256
- d76ca0aa3d74a60b8f6fe23a18ee85be704bfa334717e31a1e37065dbf32c355
-
4Z8Q61D8.txt
- Size
- 299B (299 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- fb541271588b4750b729bcb5cccfdd93
- SHA1
- cdef4c32a205f2f5789e33ac38a0068aa4b3b403
- SHA256
- 0ad7e180b73c7ae85c60f48b59dc6c3be939bdeb0fc150c9a7389cede36ae7f1
-
GSNASOVR.txt
- Size
- 837B (837 bytes)
- Type
- text
- Description
- ASCII text, with very long lines
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 981174022f4dea4b14e572cff3852e95
- SHA1
- 0884245d118b015b4a228c721f2dee505e8dd42e
- SHA256
- 56baa568b9d697587608001de80259a52b46fd8d3bc291876ab38569f24292f2
-
JQ9D9E27.txt
- Size
- 837B (837 bytes)
- Type
- text
- Description
- ASCII text, with very long lines
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 426a8f6e495651af4ca43342231d4040
- SHA1
- a20954523317f3881359492f1465edc75b8a45c5
- SHA256
- d0db516743fbe391809da5de1696ae5a5e1538d11455804f8bec0e04c442891a
-
KSRU7853.txt
- Size
- 118B (118 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- b13aa48bccce52a0bce0b6e0aae809bc
- SHA1
- d39455a6c8e0634c8940f4560a56fc460cfe2809
- SHA256
- 00c2c7882957ac2a3010b7cdf7b82b0fd2e2c6a83ad3242e10d5d9159725700d
-
RJZ5DXVI.txt
- Size
- 115B (115 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 8f8eb93760b9f998f2a7dbad05dc0aa2
- SHA1
- 365640d9e8eef6091935a9edb542e8e3d8ba5eb9
- SHA256
- 9d9211e2a35d6ba6283ce6d60cbe3233dfb658d5dbd054f7d7ed5273bafd33c4
-
TBURMOS5.txt
- Size
- 602B (602 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 2ab193b513c0f0d521576bb5bbe38861
- SHA1
- b3479ab8678a4ddca3f4195b7f4a6cf1a593c1ce
- SHA256
- 3abeaf9c7fe30e8e4146b0da90382a220bee16ab9fed06890f9e07e7e594ab69
-
TDWPWZXJ.txt
- Size
- 416B (416 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- b724d8a7b790d10f9a20f1e4115d19f5
- SHA1
- c1ccc3701e7434180b940ccb3b60e99ba9b557cb
- SHA256
- a3aec7be2b3bc8e525046587274529fee8cbe24a4d06c438b01d747737871dbb
-
TLB7DS6A.txt
- Size
- 1023B (1023 bytes)
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 65f623b8a166f2f09fec97f947eb752d
- SHA1
- e953525e0f7ba60e5edfdc3cdf0e9e1352e558c8
- SHA256
- b49256220d2d8f4c3d68f1a42c70244d9063e8907a9433c250f75ced4b230554
-
TPP0S22Z.txt
- Size
- 299B (299 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- fb541271588b4750b729bcb5cccfdd93
- SHA1
- cdef4c32a205f2f5789e33ac38a0068aa4b3b403
- SHA256
- 0ad7e180b73c7ae85c60f48b59dc6c3be939bdeb0fc150c9a7389cede36ae7f1
-
UL5M8YXF.txt
- Size
- 115B (115 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 8f8eb93760b9f998f2a7dbad05dc0aa2
- SHA1
- 365640d9e8eef6091935a9edb542e8e3d8ba5eb9
- SHA256
- 9d9211e2a35d6ba6283ce6d60cbe3233dfb658d5dbd054f7d7ed5273bafd33c4
-
V4BWBRX0.txt
- Size
- 533B (533 bytes)
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 6f00fd5e6688bf81ddf79cfcc2a9959c
- SHA1
- 1e2fd8b4b5d026a075174f8e0888cb8f310b7346
- SHA256
- 683ac42fee7bc4421ec04af4014abacafabed284a95b41763c45ebb49d6bc630
-
en-US.4
- Size
- 18KiB (18176 bytes)
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
- Size
- 396B (396 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- e997c1c779a8ee5612fa708125f93b52
- SHA1
- 0bfcbcbc97f448b4b85d06d6fa7fb3adce033fa5
- SHA256
- 360d2a609bac8174da87d4d9605e00345b341276e274440ad34e475e9e296755
-
6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
- Size
- 404B (404 bytes)
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 57bdff475ada98fae55e342f7b7902f0
- SHA1
- a3d6365b32e52b740c179d4a92c210de73042c2f
- SHA256
- b804cdf1bc80600b50e3e13381076a5b38b535bbc481d7e19973b6d66772953d
-
A16C6C16D94F76E0808C087DFC657D99_8CF9955824A04378055A17930885F9F4
- Size
- 472B (472 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 482ad2cac98e2cdb385e190878152de1
- SHA1
- 55ac53ca89a8ec7c20459517f24aa9368a612d22
- SHA256
- 15a9e51db6e17f5ff325e91f55a8974c276d543b3e8e3d3f67ab538a6e00ed72
-
B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
- Size
- 471B (471 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 23190b6ae1704fb61c2509bdbdee025d
- SHA1
- 909f0515dd3debcb0c20945d0e953f23006847aa
- SHA256
- 35ae860b7df7acd1ebcd845c616b5fbb4ba9826514fc375cf2cbfd40ae9d658b
-
CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
- Size
- 724B (724 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 5a11c6099b9e5808dfb08c5c9570c92f
- SHA1
- e5dc219641146d1839557973f348037fa589fd18
- SHA256
- 91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172
-
F07644E38ED7C9F37D11EEC6D4335E02_5E63287C0F36C177157F9D1566FD6BB8
- Size
- 471B (471 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 964ef52853b85755d31d3a508979c56e
- SHA1
- 82ca8c473e2ddb802fa98b1f99eb9e51c791499f
- SHA256
- 3326bf5302ef2f2fc85374719c3074c4d1028c000d80a75bfef9fad8319b51b9
-
24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
- Size
- 410B (410 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- b68ef4e381343e005996f0d7658a2c4e
- SHA1
- 66afe86622396f32f25ebff0c3a1a94d0ffaf340
- SHA256
- 6532cc783660298fdd8004f898120db7b69d79d06f72c2b3edbab8a5eee2075d
-
35DDEDF268117918D1D277A171D8DF7B_15435EFA5EA0B92ADBF927E2CD4E154B
- Size
- 471B (471 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 088dac2ee241150da2f5a7d6ab3a6f80
- SHA1
- b72c5b802d752dbf7e55292f9ba5c08c4aacf8e1
- SHA256
- 663709605a94f51f2623a6ebe486d51e19d76f48c14335f2e329961335e3ecbb
-
57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- Size
- 340B (340 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 862aea46b3f9925e5566231d5f322013
- SHA1
- 0f05862d5ec31c3a9c577b85777b8eff696d6657
- SHA256
- eb22b5ee0d69736a4344bbb2cf09fa1176c257ca0cbf527aa59afd4c8801b067
-
69B5E9A1CA834DA32C0A425757544385_1C81A6E32FB64BC2C6F2E324E4CB26DE
- Size
- 471B (471 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 129db75b57ecd68169939ae9547e252e
- SHA1
- ccd175d7d7b8e32356a19b8d8799d523bc8dd91d
- SHA256
- 911a6caff25ff5fa789493d69d0ed734591f75a9432c0fbc2b5a88166840e956
-
6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
- Size
- 1.5KiB (1507 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- def524bf45e92bffbc4caa28830e326e
- SHA1
- e5c6bab28da566ce773c7f0ede8d0947762b2c0b
- SHA256
- 811f8ec14b66e6065d68990b2887ca898b2e180c001653331fed0dab1c245b32
-
7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
- Size
- 404B (404 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- b3847c087a1deeeb578aa84f65ed0784
- SHA1
- f2fa461edbe92766985770f3282c4787548e2d41
- SHA256
- 10e5217e49ee621c3b153e7cd8cf5a389b7ed2d962fec89290d854e4cbe1ebf4
-
7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
- Size
- 434B (434 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 76f46a3f4ba3fcd4bec6ea34acd6af52
- SHA1
- 87b25e2968690fe4214aff728b942b354fb3ecb9
- SHA256
- ed0c271e193fc0e8ea951fe9fd52eabf669c42af87a2e8ed1f264961ac5c8ae8
-
77EC63BDA74BD0D0E0426DC8F8008506
- Size
- 60KiB (61476 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 308336e7f515478969b24c13ded11ede
- SHA1
- 8fb0cf42b77dbbef224a1e5fc38abc2486320775
- SHA256
- 889b832323726a9f10ad03f85562048fdcfe20c9ff6f9d37412cf477b4e92ff9
-
80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
- Size
- 442B (442 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 090c64dac1aa9280f7a5d50bb4cf43ad
- SHA1
- b42077d86e7e401ceb000d96f5fdd5929ce0175f
- SHA256
- c33048655baeaec0482a589c2621f58b6f90382cdd1a2ab6362a66d50d1ab30c
-
B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
- Size
- 430B (430 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- f06caba5efd7d9223dd2c2ee28b8167b
- SHA1
- 79017b69c2cc5dbd9d278dce7d024d0e7b103c08
- SHA256
- a37146e360e05d967283103c3851243bd664a4dd687788cef08464c23147093b
-
E573CDF4C6D731D56A665145182FD759_74EE87A62D1D132DC78B134CD21FDAC5
- Size
- 471B (471 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- be440b4ad89fee41ed5ef924314189b0
- SHA1
- d998821c8a158d5945f8776d56ed756f74ac207f
- SHA256
- 9f806226b2b0c9c252340cb534f549bc51f71538323f836e6fa16fdb07edd92b
-
E87CE99F124623F95572A696C80EFCAF_6E04BD1DD1C5CE96B614515A0C0ED7B8
- Size
- 472B (472 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- cf9708fb749fbf96a7d44f9622830469
- SHA1
- 1350387be5c0e9b34656574b0700a324ec7d328c
- SHA256
- a6192a2f76cda2d7dcb2c8b4b7e76538293bc3b983639866ee5696844f662ca4
-
E87CE99F124623F95572A696C80EFCAF_6FEE09A448F7A589A2A28A243CDEB0A9
- Size
- 402B (402 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 61f7277659d5f0af34f73a421106c7ad
- SHA1
- e3ae2249f32ee0275d8b35f5714b25fde1c38350
- SHA256
- ab43bca2162f99838b77e9f7e50b258e03f38ddc8e0a6ce34979609c9bea95f1
-
EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- Size
- 426B (426 bytes)
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- cb85aff2782c0cd1d991d14429699cdf
- SHA1
- fdcfab1e8af3c1cda480aa82a2a511df966273b5
- SHA256
- 31c6701854335b7f764557355fec5c4a5dcde789b64f1e1ea59a7008dd89c567
-
Cab1B2B.tmp
- Size
- 60KiB (61476 bytes)
- Type
- data
- Description
- Microsoft Cabinet archive data, 61476 bytes, 1 file
- Runtime Process
- iexplore.exe (PID: 3528)
- MD5
- 308336e7f515478969b24c13ded11ede
- SHA1
- 8fb0cf42b77dbbef224a1e5fc38abc2486320775
- SHA256
- 889b832323726a9f10ad03f85562048fdcfe20c9ff6f9d37412cf477b4e92ff9
-
~DF11577AB378AEBA9E.TMP
- Size
- 16KiB (16384 bytes)
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 09684faf6114cbd99d2db54bac562984
- SHA1
- f8a2503f588c8ba78916250d6a95c928e532d7b3
- SHA256
- d06682b9679593da6d1f48c8eddf428066c8bc9aad17dfae2e0f56ee022c0470
-
~DF13BE15E2B6C967E5.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- e7db8cf93bb500132c138c0da5940a2a
- SHA1
- ac1baab4b592c988797da1a51db1e4ee02b3d301
- SHA256
- 133c0e6a2d7d044339a85a85d3d77ac8e5e6e7b8a900e4a47fe8e584a8cd027b
-
~DF673E17A51BE7ADF4.TMP
- Size
- 20KiB (20480 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- beebb1790b0286fe7fa5a125259fb4a5
- SHA1
- a1c201fde0e55ff97f6d9d0eed79fe865b3d4467
- SHA256
- 30c191675fc49e2cd7e788322a17be2b8e30b1119e14c6dbcceaa51a0bcf1d19
-
~DFA4C3A7927C371660.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 0eb7a852a098e9d63a7e422a97e29839
- SHA1
- f8d7cf9848b552bf5bdca0608f3824d3712d80ab
- SHA256
- d1f78b6f7fa49bd14d5571c4a37d8338a5a8105db790334d7d90644534ec589e
-
~DFD49CC7613EDF6A7B.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3164)
- MD5
- 98c99dc599dc28206ad54204cd1a4bdb
- SHA1
- 4b9493a3339bdf9f5fbed518f7673c5e0b2269bd
- SHA256
- 081163a6f9680053cdc2e7a21920e59458579c5c0dd4ac5a3d1975a69f61d516
-
pxiByp8kv8JHgFVrLCz7Z1xlEw_1_.woff
- Size
- 10KiB (10436 bytes)
- Type
- unknown
- Description
- Web Open Font Format, TrueType, length 10436, version 1.1
- MD5
- 2ed184f355297674786cee87899e03b7
- SHA1
- 3075477be6206edb5bc400810c9a7612b9030a2e
- SHA256
- da36c91659b4490934d163c4013483e688996ee3cf8249499f945911df94c730
-
form_1_.js
- Size
- 22KiB (22823 bytes)
- Type
- script javascript
- Description
- ASCII text
- MD5
- 7c034dbd7256a677d7eddaae485945bd
- SHA1
- 9b6b10532621c3dd46d05528cbd334b1464d90a5
- SHA256
- b2693668fe931c0b35958910b65e0ffc6538ef7913613b22486216252d3d8dad
-
simdakan.kuningankab.go_1_.xml
- Size
- 17B (17 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 3ff4d575d1d04c3b54f67a6310f2fc95
- SHA1
- 1308937c1a46e6c331d5456bcd4b2182dc444040
- SHA256
- 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
-
otPcCenter_1_.json
- Size
- 62KiB (63091 bytes)
- Type
- text
- Description
- ASCII text, with very long lines
- MD5
- e3e7a670a50b17672a4dcbd9a861ed95
- SHA1
- cdf22f596cd6cdd7cf05aff451ac55f5ba37414c
- SHA256
- 015f5facb5e29c35243f30c95568cd386d0783b71faae2bf75e9227126fc9786
-
search_2_.json
- Size
- 281B (281 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 449f61c84cd2f7342f95403c908c0603
- SHA1
- 08afdc36927b6c4e03c3088e5c9c812cc4215ede
- SHA256
- 19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
-
otBannerSdk_1_.js
- Size
- 319KiB (326341 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- aa2e3ff705d27b77a2480d446a15e46b
- SHA1
- 5a3f0701965fe71ea279c8f0d09218f6c8f91f8a
- SHA256
- 972688e6f6c24d2b23019a796b19f90515ba5f4ff744747c072b79fa44de3432
-
cms_1_.htm
- Size
- 61KiB (62005 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with CRLF line terminators
- MD5
- 2e8969a358534479e95da54e6f8c60e5
- SHA1
- de4e7c6da73fa54309b7e79c025ecbe81d421a84
- SHA256
- 05877f8723783384a0c40202e189204e47b0f3125c4e147ed52fd358a92a1ad7
-
Notifications
-
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- Not all IP/URL string resources were checked online
- Not all created files are visible for iexplore.exe (PID: 3528)
- Not all file accesses are visible for iexplore.exe (PID: 296)
- Not all file accesses are visible for iexplore.exe (PID: 3164)
- Not all file accesses are visible for iexplore.exe (PID: 3528)
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "registry-103" are available in the report
- Not all sources for indicator ID "string-102" are available in the report
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data