Windows Analysis Report
download.exe

Overview

General Information

Sample Name: download.exe
Analysis ID: 830512
MD5: 064fa36da0c2ca360b0906cc5bfe67c6
SHA1: a6623c33cbd86bdaee063f897bea1692621494e5
SHA256: 6974c5051372213d0e90147660c4b21bfff238e20c6449acb19f1901bf4729c8
Infos:

Detection

GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected GuLoader
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: http://37.139.128.83/2-2 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2k Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2Data Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2M Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2W7 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2R2 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2e Avira URL Cloud: Label: malware
Source: http://37.139.128.83/l Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2gsLMEM8 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2$2 Avira URL Cloud: Label: malware
Source: http://37.139.128.83/262hk Avira URL Cloud: Label: malware
Uses 32bit PE files
Source: download.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: download.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00405745 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 2_2_00405745
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004026FE FindFirstFileA, 2_2_004026FE
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00406280 FindFirstFileA,FindClose, 2_2_00406280
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:16:46 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:16:56 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:07 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:17 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:27 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:37 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:47 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:57 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:07 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:17 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:28 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:38 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:48 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:58 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:08 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:18 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:28 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:38 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:48 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:19:58 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:08 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:18 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:29 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:39 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:49 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:20:59 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:09 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:19 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:29 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:39 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:49 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:21:59 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:22:09 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:22:19 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:22:29 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:22:40 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:22:51 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:01 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:11 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:21 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:31 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:41 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:51 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:01 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:11 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:22 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2$2
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2-2
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/262hk
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2Data
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2M
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2R2
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2W7
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2e
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2gsLMEM8
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2k
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/l
Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: download.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: download.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: download.exe String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: download.exe String found in binary or memory: http://s.symcd.com06
Source: download.exe String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: download.exe String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: download.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: lang-1032.dll.2.dr String found in binary or memory: http://www.avast.com0/
Source: lang-1032.dll.2.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: download.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: download.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: download.exe String found in binary or memory: https://d.symcb.com/rpa0.
Source: lang-1032.dll.2.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 37.139.128.83Cache-Control: no-cache
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004051E2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 2_2_004051E2
Uses 32bit PE files
Source: download.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_004031E9
Creates files inside the system directory
Source: C:\Users\user\Desktop\download.exe File created: C:\Windows\resources\0409 Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00404A21 2_2_00404A21
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_706B1A98 2_2_706B1A98
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A314A8 2_2_04A314A8
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A320AE 2_2_04A320AE
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32897 2_2_04A32897
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3189B 2_2_04A3189B
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A310F6 2_2_04A310F6
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A324DB 2_2_04A324DB
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32C37 2_2_04A32C37
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3143B 2_2_04A3143B
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31800 2_2_04A31800
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32018 2_2_04A32018
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31C75 2_2_04A31C75
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32441 2_2_04A32441
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32DA2 2_2_04A32DA2
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31D82 2_2_04A31D82
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3198B 2_2_04A3198B
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3318B 2_2_04A3318B
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3218A 2_2_04A3218A
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A321E8 2_2_04A321E8
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A319F6 2_2_04A319F6
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A315D0 2_2_04A315D0
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32D30 2_2_04A32D30
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3153A 2_2_04A3153A
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32909 2_2_04A32909
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31D0C 2_2_04A31D0C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3191C 2_2_04A3191C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3211C 2_2_04A3211C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3296F 2_2_04A3296F
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3116E 2_2_04A3116E
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32552 2_2_04A32552
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31AA9 2_2_04A31AA9
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A316B3 2_2_04A316B3
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A30E92 2_2_04A30E92
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32E97 2_2_04A32E97
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3269B 2_2_04A3269B
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A30E9A 2_2_04A30E9A
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A326FB 2_2_04A326FB
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A312DA 2_2_04A312DA
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32A20 2_2_04A32A20
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3162C 2_2_04A3162C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3123F 2_2_04A3123F
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32A08 2_2_04A32A08
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32E1D 2_2_04A32E1D
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3261D 2_2_04A3261D
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32260 2_2_04A32260
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31E6F 2_2_04A31E6F
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A30E44 2_2_04A30E44
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31A4D 2_2_04A31A4D
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A323B2 2_2_04A323B2
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3178C 2_2_04A3178C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32B94 2_2_04A32B94
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31BE1 2_2_04A31BE1
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32FDA 2_2_04A32FDA
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31336 2_2_04A31336
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32F3F 2_2_04A32F3F
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3233C 2_2_04A3233C
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32B01 2_2_04A32B01
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31B0F 2_2_04A31B0F
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31718 2_2_04A31718
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31B71 2_2_04A31B71
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31F75 2_2_04A31F75
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631C75 4_2_00631C75
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632441 4_2_00632441
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632C37 4_2_00632C37
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063143B 4_2_0063143B
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631800 4_2_00631800
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632018 4_2_00632018
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006310F6 4_2_006310F6
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006324DB 4_2_006324DB
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006314A8 4_2_006314A8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006320AE 4_2_006320AE
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632897 4_2_00632897
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063189B 4_2_0063189B
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063296F 4_2_0063296F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063116E 4_2_0063116E
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632552 4_2_00632552
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632D30 4_2_00632D30
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063153A 4_2_0063153A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632909 4_2_00632909
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631D0C 4_2_00631D0C
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063191C 4_2_0063191C
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063211C 4_2_0063211C
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006321E8 4_2_006321E8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006319F6 4_2_006319F6
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006315D0 4_2_006315D0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632DA2 4_2_00632DA2
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631D82 4_2_00631D82
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063198B 4_2_0063198B
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063318B 4_2_0063318B
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063218A 4_2_0063218A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632260 4_2_00632260
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631E6F 4_2_00631E6F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00630E44 4_2_00630E44
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631A4D 4_2_00631A4D
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632A20 4_2_00632A20
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063162C 4_2_0063162C
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063123F 4_2_0063123F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632A08 4_2_00632A08
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632E1D 4_2_00632E1D
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063261D 4_2_0063261D
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006326FB 4_2_006326FB
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006312DA 4_2_006312DA
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631AA9 4_2_00631AA9
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_006316B3 4_2_006316B3
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00630E92 4_2_00630E92
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632E97 4_2_00632E97
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063269B 4_2_0063269B
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00630E9A 4_2_00630E9A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631B71 4_2_00631B71
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631F75 4_2_00631F75
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631336 4_2_00631336
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632F3F 4_2_00632F3F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_0063233C 4_2_0063233C
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632B01 4_2_00632B01
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631B0F 4_2_00631B0F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631718 4_2_00631718
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00631BE1 4_2_00631BE1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Code function: 4_2_00632FDA 4_2_00632FDA
PE file contains executable resources (Code or Archives)
Source: lang-1032.dll.2.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
PE file does not import any functions
Source: lang-1032.dll.2.dr Static PE information: No import functions for PE file found
Tries to load missing DLLs
Source: C:\Users\user\Desktop\download.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Section loaded: edgegdi.dll Jump to behavior
PE / OLE file has an invalid certificate
Source: download.exe Static PE information: invalid certificate
Source: C:\Users\user\Desktop\download.exe File read: C:\Users\user\Desktop\download.exe Jump to behavior
Source: download.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\download.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\download.exe C:\Users\user\Desktop\download.exe
Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe Jump to behavior
Source: C:\Users\user\Desktop\download.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_004031E9
Source: C:\Users\user\Desktop\download.exe File created: C:\Users\user\AppData\Local\Temp\nsp21EF.tmp Jump to behavior
Source: classification engine Classification label: mal76.troj.evad.winEXE@4/5@0/1
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004020D1 CoCreateInstance,MultiByteToWideChar, 2_2_004020D1
Source: C:\Users\user\Desktop\download.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004044AE GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 2_2_004044AE
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4728:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4728:304:WilStaging_02
Source: download.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation
barindex
Yara detected GuLoader
Source: Yara match File source: 00000004.00000002.5807012371.00000000025EF000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1806817167.00000000069EF000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1798739196.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: download.exe PID: 8540, type: MEMORYSTR
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_706B2F20 push eax; ret 2_2_706B2F4E
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A314A8 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A320AE push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A388BE push esp; ret 2_2_04A388DD
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32897 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3189B push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A30C99 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3449E push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3349D push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A340E2 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A340E6 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A394EB push esp; ret 2_2_04A394F1
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A310F6 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A30CFC push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A33CCE push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A324DB push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A364DC pushfd ; ret 2_2_04A364DD
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32C37 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3143B push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A33C02 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31800 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3440B push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3341B push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32018 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A3641D push 7E114A25h; iretd 2_2_04A3642D
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A34076 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A31C75 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A33878 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A32441 push es; retf 2_2_04A34799
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A36C50 pushfd ; ret 2_2_04A36C51
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_04A335A3 push es; retf 2_2_04A34799
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_706B1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 2_2_706B1A98
Drops PE files
Source: C:\Users\user\Desktop\download.exe File created: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\download.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize\lang-1032.dll Jump to dropped file
Source: C:\Users\user\Desktop\download.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect Any.run
Source: C:\Users\user\Desktop\download.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE3
Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXELE
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 928 Thread sleep time: -300000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\download.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize\lang-1032.dll Jump to dropped file
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00405745 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 2_2_00405745
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004026FE FindFirstFileA, 2_2_004026FE
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00406280 FindFirstFileA,FindClose, 2_2_00406280
Source: C:\Users\user\Desktop\download.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\download.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\Desktop\download.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EAB000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5897618619.0000000003F13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe3
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exele
Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_706B1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 2_2_706B1A98
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_00403B48 SetWindowPos,ShowWindow,DestroyWindow,SetWindowLongA,GetDlgItem,SendMessageA,IsWindowEnabled,SendMessageA,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,SetClassLongA,SendMessageA,GetDlgItem,ShowWindow,KiUserCallbackDispatcher,EnableWindow,GetSystemMenu,EnableMenuItem,SendMessageA,SendMessageA,SendMessageA,lstrlenA,SetWindowTextA,DestroyWindow,CreateDialogParamA,GetDlgItem,GetWindowRect,ScreenToClient,SetWindowPos,ShowWindow,DestroyWindow,EndDialog,ShowWindow, 2_2_00403B48

HIPS / PFW / Operating System Protection Evasion
barindex
Writes to foreign memory regions
Source: C:\Users\user\Desktop\download.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe base: 630000 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe Jump to behavior
Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_004031E9
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 830512 Sample: download.exe Startdate: 20/03/2023 Architecture: WINDOWS Score: 76 23 Antivirus detection for URL or domain 2->23 25 Yara detected GuLoader 2->25 27 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->27 7 download.exe 4 29 2->7         started        process3 file4 17 C:\Users\user\AppData\...\lang-1032.dll, PE32 7->17 dropped 19 C:\Users\user\AppData\Local\...\System.dll, PE32 7->19 dropped 29 Writes to foreign memory regions 7->29 31 Tries to detect Any.run 7->31 11 CasPol.exe 13 7->11         started        signatures5 process6 dnsIp7 21 37.139.128.83, 49792, 49795, 49798 LVLT-10753US Germany 11->21 33 Tries to detect Any.run 11->33 15 conhost.exe 11->15         started        signatures8 process9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
37.139.128.83
 unknown Germany
10753 LVLT-10753US false

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://37.139.128.83/2 false
  • Avira URL Cloud: malware
 unknown