Windows Analysis Report
WEAREX_IHRACAT.exe

Overview

General Information

Sample name:	WEAREX_IHRACAT.exe
Analysis ID:	1501093
MD5:	2e620407c0b25239ef46534a34217c27
SHA1:	1751f775e9e9279757ec94c9f4cf63b01af42525
SHA256:	a49b3780d9a1af972b0e6d252284edff3b00e35713336456579431f1081debe4
Infos:

Detection

GuLoader

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Sigma detected: New RUN Key Pointing to Suspicious Folder

Switches to a custom stack to bypass stack traces

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://gitak.top/dmAaHCQMI79.bin/A~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin5	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin)	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin6	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/9~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.bin6	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin0	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binM~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binD	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binNJ	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bine~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.bin	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binY~	Avira URL Cloud: Label: malware
Source: https://gitak.top/W~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/o~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binR	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/Y~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binR	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binX	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/K~v	Avira URL Cloud: Label: malware
Source: https://gitak.top/e~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binK	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin-~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binX	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bino~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binA~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binK~v	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binD	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binf	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin9~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/M~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bince	Avira URL Cloud: Label: malware
Source: https://gitak.top/7~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binq	Avira URL Cloud: Label: malware
Source: https://gitak.top/A~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binW~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/7~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binz	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binl	Avira URL Cloud: Label: malware
Source: https://gitak.top/	Avira URL Cloud: Label: malware
Source: https://gitak.top/M~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binc~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/e~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binMicrosoft	Avira URL Cloud: Label: malware
Source: https://gitak.top/K~v	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binl	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binz	Avira URL Cloud: Label: malware
Source: https://gitak.top/My	Avira URL Cloud: Label: malware
Source: https://gitak.top/Y~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin7~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/W~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin/c~	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.bin(	Avira URL Cloud: Label: malware
Source: https://gitak.top/dmAaHCQMI79.binAuthority	Avira URL Cloud: Label: malware
Source: https://gitak.top/o~	Avira URL Cloud: Label: malware
Source: https://gitak.top/9~	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: gitak.top	Virustotal: Detection: 22%			Perma Link
Source: https://gitak.top/dmAaHCQMI79.bin	Virustotal: Detection: 19%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe

ReversingLabs: Detection: 57%

Multi AV Scanner detection for submitted file

Source: WEAREX_IHRACAT.exe	ReversingLabs: Detection: 57%
Source: WEAREX_IHRACAT.exe	Virustotal: Detection: 70%			Perma Link

Uses 32bit PE files

Source: WEAREX_IHRACAT.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49776 version: TLS 1.2

Source:	Binary string: mshtml.pdb source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: mshtml.pdbUGP source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Code function: 0_2_0040276E FindFirstFileW,	0_2_0040276E
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Code function: 0_2_00405770 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405770
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Code function: 0_2_0040622B FindFirstFileW,FindClose,	0_2_0040622B

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49776 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49778 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49782 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49806 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49786 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49781 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49779 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49787 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49780 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49797 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49791 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49783 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49794 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49792 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49784 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49798 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49793 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49788 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49814 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49777 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49808 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49807 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49799 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49795 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49790 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49785 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49816 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49819 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49801 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49800 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49796 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49789 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49818 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49803 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49815 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49802 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49821 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49809 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49804 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49817 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49813 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49810 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49805 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49812 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49811 -> 172.67.207.219:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49820 -> 172.67.207.219:443

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: gitak.top

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RtkS5n2C9K8mjiAQPIkIP9T88mXoVLDUFQwJUfSU5sWwsYGnJKDIxQnhTK%2BYG5ngpEcRf5RfEbq4xB%2BvWG1QUI17VL2JbGYWyhEsdLzTqLMGDmjiPOeBBprfnY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec105a2956ec-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 10Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLabE8DPPtKS9rn%2FTmLbROV6pDDQFvRUk5aR5YeVnvTApARwxz%2F8eMLXqLjU1H2LPDuTGQXlPnvkwrSU8v3J6RPJcu5I7EI7q06db33Ur7Nef7zicxytRomCyHM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec535dbf2d28-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 21Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWXXS2NrwTGdUxdtZPpsZTpq8PP%2Bh4tk92eB%2FEd5X13HxWMvQ%2B6NdI2shR5ctT2z8oU1E4HTXmPeGexsCOi5j4W%2FHdkE0kdFxfXspk4Tk%2Bm1yHedovEr5Pti9IA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec950eb559f1-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 31Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0fWlft6fUQ4S4m4KlgLPN5GN2AGQUD7AL7zviH7Ky3zISp6ZpHnfTQrQtdHPn3GPqoPei3sBc5gN1WUIihvF5Y%2BpAf7A4Bpcdnl1W%2BRSByVg3wQsjOuM3azODM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babecd6edd32d15-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 42Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGiHI3lLvT9Gur%2FzlVH2DRekG2i01nj0wF8JaD0PDHAb3Vx3HLZBTbOoe87ew2QVaaNRadhADqYBGLdObIr7C8zJRuT68CpYshrP3ekInFYY3JTra00i0dP02DA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed18a9bb082e-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 52Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i7gL3sdbOuJzSEcJkT99MXrxL780mMWdYRsl3RrCszGJhf9VuZqfcXQG0z6504sWRm1nsGiSL4fIXJA2sCPjAZe5kDXg2AB3Xa9%2BYi2a0kOCrOsKiLgG0cxQFTo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed5a69411fd4-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 63Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F5b2RW%2Fj%2BT4RrEZWx4D%2FnyakwG90IGNXz%2Fl%2Fy9eJcEXVaz99bZLUGlNYOClAFPHSWDkTInHh3OqeupG1uIY%2FCy1DDISV8N41MvZpYqErhYiSpEZDk9JPknQQYf8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed9c1cd9c584-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 73Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xhKipF4ZA8%2Bkvdd%2BU1F%2BrBg4eynZTN%2BjBDWj9bgfGgH%2BilT3MDXaYBqPidLk%2BHIjGpOJ1KV5XU%2BxKhXjAr%2FlM%2FPDMyPa%2BmW65B7puXv5TX78IU5IOvcZbn8wsk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babedddcc3059df-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 84Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoNQvU%2F68bPKsSQUFFONu8irGKTbWrh9ZiAyCeTfaGqzkT7pMFpOm5qS5cv%2BpGcO9DD5iqwclNCCrU5vtum1PhltMVpXIYst3f8%2BQdM1rJzMTQXGTSBbOxZT56Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babee1f886782ec-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 94Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hwkKcTa3VXkc7R9rQYkkb4eqPmY8q4UzebAK8gzZsZ4XJBRVEUF19Zbfu0H4L7Gp15nI4QJZ7M5%2F%2Fm8bIekDe9NEAW9JWIima4oQgcnbn1Gr3bjWeb6%2F2hGaJTo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babee614a62c968-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 105Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13eTPd51Zx4b9EW4xNYd4Zei8NPIGF4uqYtQUC%2BvF7tiLZ45S6fm%2B4M7DPeBk7meYNsqfYwxRKlb%2BQqUwjx4TJBXNlEP7Z%2FylcPwqo20X09H0aQMyGuOzkdWb64%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babeea32f3d061c-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 115Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqmBalLXHAr8qRHykb93s7Lp50lREcKDyK8n%2Bv3wMBlsq8eWm%2FglNpbgr71VKPXaN9RNmJINX9aly%2FjGoZjXd5KoUWa3uB7RDsG05r8TwF7mWPTyTmQB3N%2Fsh6c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babeee4daa80854-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 126Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBfD0KFqKH%2FjuEPqXLGmfVRvGlYJ7xonfYKsjAuioIk3mZ0nD9XfU%2BsdBUtdQhBZsKK5pD6i%2FUtbiuoTH6VFzUzLjhCbEFyDCq93DypeKvLBwuv6cw7Or8rps0k%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babef268d5d2d0e-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 136Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXfiXuYJ4hadXmEM7sONEP2m4MQat6SkERSgInyk3olB8%2FyTCkHB9wvTJz%2BgVW0ZWgn4wzpHY%2FvjdL3Nm%2Fo0G%2Fw%2BeVKfHB1ZsNgSW49r3D78mp37yvegGleUReY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babef686b810737-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 147Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKbW1Y4HPTxcwBPBIxIFuOUjsGbsPaM6IiXAd0gCMmTFMP9875X41jv%2FHIB2pY3JVz7Pai9QieunjV56GiHCRUmj5a0Az4aB3jgFZq%2BDhZf%2B8td4V0P0WY4tXPY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babefaa5a9a81b7-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 158Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACR1CIV4FDjAhd2ezzKBo%2B%2BmCDuOxvybSxgwkG%2BbAd5HU8pi0XXVuQciCGeO3g2yq6%2BYdcmvE1zckugScTv%2Bv9j6Z6OLnGK86IWyAqmiaNLNoz6qlN7YsvRc8vA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babefec688805f3-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 168Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7Th%2F8Vb4dHHXArb7cx59BBVc87nvJf%2FkctRSGb54018w3bD7fVg3zI5%2Fec8AKupGUwgCcLMuJ0n9cCjXQASLw1zbGqJkvhSaaPE8zL3nDYgQoyt6XKX7OcSQdM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf02e69c8172f-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 179Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbk%2FKlA5H5JLhG8PPhB65XbwQbdmh%2BQuyX7czVbll9LXT2Gn6wLrXAg2J01sP%2BrLITcKC2G80RJdaTG2N3GJ00IoPwRLkpY2uN0YM7%2Bs37rw0vlUL%2BiDrvlu77o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0706a5c05ce-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Od4qaBQE%2FtUECG2uHXncFSGFpGy%2BElvcGv%2F4Zuev9uqQg3CYtB0J5RH5UGOt1uAq3oNKrZGFbXkZC5ZN8paB1%2F2pdPTk02kUIZNS3jKtbuNJRKQgd08JUWCvWLc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0b24fe40609-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 11Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woX15csC0YOdsa1t8EAgxqkSaWKCCfkIOd%2Bw7Tlq0AZCVdXVwSZi9akJ%2FX4%2Fz%2FDXfb2Z8hEgZN1RbvaspsX9mjx7%2B5K8T45kDCrg9oMv%2BNEBzj31wMu03OoMeCU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0f58f11c97c-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 21Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jLzCJsXLh%2FbWWp8BjVWVvbN3PyjdVuDU6cM5nc8f7Z%2Bx3yGVBy1YNlbzREWZFtOZoFTWPylOsvMeUFnOmg90cQlbqRlz5twBb0gZcQF0EnzDJeFM8C7NTFqGUo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1371bc759ce-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 32Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66FqERb112nzweANwbLdsasmMz7%2FDYqGhx8TV%2BInDLuRcE3Xe9%2Fo0CcLb1X7S4Ag3zmA6d8YHlL7KsnZVtsScPJoowdkcYp3L01kOBtHiO2kCiw%2Bl5qVENt0YzA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf17898bac9bc-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 43Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAyowupOWb5VXJ8gC4tntqPW5lHx8Wi31AqO8BiSuyacK%2BvW%2Bj8bdTSJccpv2AWsWdcPSFfIJC7JQrZwlmmGQw%2FXHYGg793%2F%2BJA0Oo8Nv7kyTTDfZi4IsfhJB%2F4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1ba687f1ffa-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 53Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUQZXjbzj6ju5s79yPBAjZRr5ZbQySffRYXyCiog5C98MrYxjtX4dfqOvzHoEREzjEpqkWEcgtlnPMoUI77jkK34azHbAEx6NuWJoGWLZ0hVfIDXRrbRWywH9Fw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1fc3cdb8292-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 64Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jz7VFTiPKQF%2BrRLpb7vN69gK1%2BcUzeYu3BFQsHzO%2FmQB7Hoyaz7PP2PEJ91Iqz4OhWro%2BvS41XUpNsShp%2FwWXGND%2BNVq9DVAV5IhPeLjK9dkC%2FnuyGJawWmzKiU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf23dfbae9c19-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 74Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSvQgm36B3CQEVixDq3DLwJqqF5XXqvULb76%2FrqY6JwvfSAYG14bICP2RkC3%2BlivDeQ11NRp0ElYQUdvNinDT9QqQ0DxTADa9IU3zT%2B7VYeAVDpivDoFpGi%2Fe%2BU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf27f88a9c942-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 85Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvGrHFVh6PWFBvVSHPcReQAvG0Omr3d9apds8VsHZOTN8ioHKp0%2BhLP54nunsGj%2B29ujAyCl%2BpO8%2B20tzttoyvcV28n1%2BxKZ%2FhluUogbCGQ1Xa1zUUIn0U1DaPU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf2c13d4281db-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 95Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q5RykvhTjptvCpjS4wBPMhx7sp3%2BIMVVbgt%2BdCZ5ZDBHAQzsmV1mWm%2BfHQUYsE69qHvhdqIMvGmqLPrN6Q39SMHAX1j5kFlAsGbT4Yj4ZUDtLM2umg8S3KmvoWY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf3030f68c591-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 106Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHBvQLdSwBm9PoKkTUtljEORft8B1GglMqqEBglJjTMkatKnSdWb64zw2yRX6qFMQNH%2F8TYsc7qAPz%2F7OuPcjsXgLOia82dKizi9rdTMsjTqUo9Vd4N94%2FBzd5k%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf344da1e57be-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 116Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7ML22O2MaLNZwkcKS5ZwIoNBgQdWjIPbpKa5C656H0VcHLsJ3mDbZ9IEolDUb1noMxr2onIbst3OkbdrzkLScnR1NkvZYlF4EIUcwP99DxRYaoQW70ruzdv2pY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf38668e43937-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 127Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2Ft4Tp4q67AjqoGnNYQb3vJ36PjrscP1jipXuXbg4DznR3Hb4YcJ7XJ6OJHXc64pDG09DJPB4mELnEq0%2BEuQhVAsFklDV6mm49lng4PkUvqOGoVLgBwghDiBlnQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf3c7ffb620a6-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 137Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8mdVRsckUPkt8lQImW1t%2FJNUaQlVWdid47Dt%2B8tQOwfS6LRTGKaX6Jf%2Fwwyu%2FhoOWUjgJQazpjxkQtSARQtuY%2BaOgW%2Bdd0lXnN5SPiV%2F4If74pYAqji2H2U9EA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf4099fdbc964-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:45:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 148Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CeJDVuF8OdH73QzQxhx6Ya%2By2rTERqsl2K1PkHi6bLgELQ%2FqL6nLvm10nk7D7QPkyypge0Qv2G2NkjWPH%2F8B7rk9Te4lhDOrjOfdWum19e%2FRC%2BdAzDoTfYaziJw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf44b2cbf7fa2-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 158Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9rZlVeDhwdqDZZGjQhu0dUlwNp5yTVN8CDPGJU6B0zoyrVMK4M2SFsG29iaDHhvENveahuXEZqOdbgnOQVQ2sHWgdBRoqWOO4U3NgF%2Bq5TZHM0nMTlkHxOy%2FqM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf48cbb7f5b16-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 169Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpFerUiOo3ZV%2BbxUG8g34luJU5ejspS3NVs3q3CJs2XmEzhBLIZLkq89aryqZdIuxLnwRKNWVBj0ZdMOukG4KD%2FvXYU%2FB4y%2Bz%2FWxC6azEhijd6PBBys1vx21i1o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf4ce5fc505e2-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 179Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNIMbtOHrHgJlLrjgfSeKe%2FL%2BGXi9zf5%2B4BVoo87xepPBkNa48MR2OZKtRgL2hVw06Eoyk8ByvYbFOoZq%2FZs8XbiuIqUfl5P2iAH2OBG4iNDvsOkUL2ItgjTUsU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf50feb7f0949-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vTE2Sv77XFRjvS8qsqlko1AXrAWneT8Lgnx0krqqZJj%2BallBnvx8eQbG%2B5eDjz4dxLXn7pF1jYX4RbWUL9ZzMDi6nY8h%2FHmfHx3PDDnRzctcZXY5xqeDFxXgX2w%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf5518b0c05c2-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 10Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMZVqUKXFMvt2oMoa48tTQ6wtJGNlsj%2BV0xfFDSCUlN4MdFfYHKliDJuGvqvQdJspkuekEbN9gYQKsm%2FN%2FCX%2B9QswbCJYmma%2FmsNw34w300XjQjpejXGy4rijac%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf594ad5d801b-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:46:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 21Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2e7n4Gsfk9EOUGZg0NvISoDMYY5slzc%2BuhdL6VsJXvTznTMhPQFig3bIc5SBS0xOp1js7%2BZlr7KJ4ZKaUFT830IKXSxADI5iWUIT%2Bjez%2BQ%2BzACGDLjB0CHTtaDQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf5d68da12d28-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:47:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 31Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9E4enV9EQITKn2RdaDLiP1UOL%2F4RcQ3ckHhSfEealRp%2BJr%2Bs6pVErAmRvyglu6UI7uWTGZlJKq6%2Bw%2BC8BIWPeI2PVbnBWrRNkS%2FQk7vcvV4gitiB6PZ9ZnfYyY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf6182f97061a-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:47:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 42Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FSMgWbpddeq%2FNvt4ouFM%2Ft8tKPaxufufFx4ue7U4Qi3HEA1ervrhFkn94kyx8AstrXZf9lon1y1gr0dWGtL0%2FbsJwUQcZC%2B88dTjCGMFKJYWGooBCqENCmkkGs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf659ee228293-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:47:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 52Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WFdsMkrc8RRA2jzkju2Dw8YfkBOYChY%2BEGc3nHm3kIXPFWw9F3UVUDtLhDBvQbwh6Wg7aerf%2FHvzGIPhbFjr8q%2BHOzwBdSezZB6%2B%2FdYhD7tu22gnwnrrCpoRlbg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf69bfe628236-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:47:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 63Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TijnKBodBwojS8fKVLojY4UC1Zb7qH4Z%2BxtG9PrWXRFiC80y5FNVswJzJLm0s5U0zdJRIgFfLZocw2Ur5PB80w5E4dR3i6Lkv31RTT9IhqHycTD8v6SWJwJBJCo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf6de0f7707fb-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:47:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 74Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6y9po9cH2nR7wTK5ZhBrQFqpL6XH8LRPJgEsXPzNxbZPFXkx604oL8xF8tKONIlMDQBjbn4NiZJ1F8%2F4MzoNkLpzMF4e%2FTLAfb3v07Zg4JJx8awOkQkv2DNogU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf720183182b6-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:48:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 84Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkJ5muxbGh3WKoyUAuIjzC29ofOziiGvVSYbGuOiaLSxUxquXjRmKH4x0GOwL3PlJ%2BFgCW9S6PKXfKzgsUNHeYU%2BRtwomMTuu4KRYo%2BT%2FgzLC1BMk453BH0JSes%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf761c9cf588a-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:48:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 95Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2aDB4%2BOqdQtNoXmdnoTwWpdHpIsfDYmEtXWW0tXRoz%2FPb0Q5QiF31cAPs8jSnMVLyadDzg%2FnEfE4a7Z5xnOSQRkMHpJMIfIhboElqhIyGydqjP9Tiraq2vao8TE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf7a3898859bc-IADalt-svc: h3=":443"; ma=86400

Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: WEAREX_IHRACAT.exe, Caterva.exe.2.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000626000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.00000000005F2000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/
Source: WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/7~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/9~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/A~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/K~v
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/My
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/M~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/W~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/Y~
Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin(
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin)
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin-~
Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/7~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/9~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/A~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/K~v
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/M~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/W~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/Y~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/c~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.bin
Source: WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.bin6
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binD
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binR
Source: WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binX
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binl
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binz
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/e~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/o~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin0
Source: WEAREX_IHRACAT.exe, 00000002.00000003.5988266502.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197590543.000000000287D000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093636332.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302765402.000000000287D000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6199353892.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620738937.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6305027978.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410480994.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653418336.000000000287A000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515602395.000000000287A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin5
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin6
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin7~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin9~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binAuthority
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binA~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binD
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binK
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binK~v
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binMicrosoft
Source: WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binM~
Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653324742.0000000002838000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binNJ
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binR
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binW~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binX
Source: WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binY~
Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653324742.0000000002838000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bince
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binc~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bine~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binf
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binl
Source: WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.bino~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binq
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/dmAaHCQMI79.binz
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/e~
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitak.top/o~
Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown

HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49776 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe

Code function: 0_2_004052D1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004052D1

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe

Code function: 0_2_00403358 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_00403358

Creates files inside the system directory

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe

File created: C:\Windows\Fonts\logorrheic.ini

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Code function: 0_2_00404B0E		0_2_00404B0E
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Code function: 0_2_0040653D		0_2_0040653D

Source: unknown	Process created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"	Jump to behavior

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: Yara match	File source: 00000002.00000002.6650157112.0000000001721000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2455393389.00000000031C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File created: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe			Jump to dropped file
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File created: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll			Jump to dropped file

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Aaregang	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Aaregang	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Aaregang	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Aaregang	Jump to behavior

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	API/Special instruction interceptor: Address: 3B9064C
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	API/Special instruction interceptor: Address: 20F064C

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0 FILES\QEMU-GA\QEMU-GA.EXEP
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2458782228.00000000040E0000.00000004.00001000.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653716052.0000000002A00000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEN

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe TID: 5580	Thread sleep count: 39 > 30			Jump to behavior
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe TID: 5580	Thread sleep time: -390000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	Last function: Thread delayed

Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exeN
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: WEAREX_IHRACAT.exe, 00000002.00000003.2933900374.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3144180833.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566595182.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653418336.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620738937.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410480994.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093636332.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197529994.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988266502.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6199353892.0000000002897000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093636332.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620738937.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410480994.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988266502.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6305027978.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6199353892.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653418336.0000000002867000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515602395.0000000002866000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0 Files\Qemu-ga\qemu-ga.exep
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2458782228.00000000040E0000.00000004.00001000.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653716052.0000000002A00000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe	API call chain: ExitProcess graph end node

ID:	1501093
Product:	CloudBasic
Start time:	12:37:38
Start date:	29.08.2024
Sample:	WEAREX_IHRACAT.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	2e620407c0b25239ef46534a34217c27
SHA1:	1751f775e9e9279757ec94c9f4cf63b01af42525
SHA256:	a49b3780d9a1af972b0e6d252284edff3b00e35713336456579431f1081debe4
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	2E620407C0B25239EF46534A34217C27	1751F775E9E9279757EC94C9F4CF63B01AF42525	A49B3780D9A1AF972B0E6D252284EDFF3B00E35713336456579431F1081DEBE4
C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7399323923E3946FE9140132AC388132	728257D06C452449B1241769B459F091AABCFFC5	5A1C20A3E2E2EB182976977669F2C5D9F3104477E98F74D69D2434E79B92FDC3
C:\Users\user\AppData\Local\Temp\nsrB208.tmp	data	DF83E71E1F504BA452688A89CEBF2651	6FF125C56A32F86EEBA91A003BCF03F3E571C355	3D5C790BC1C1A1708DD88368CC17ADC9C38FB2375D31E759373A1FCC38B47DEB
C:\Users\user\gangningerne\jot\mtn\Discomplexion\Modulsystemernes.Tie	data	A2F5F04E983190C0354C8362548F3AF2	241D36CB0F4490E394F914CB2876A2EECDDD4F9A	915CD18120B0827AFA12CA7D9C702A61F88541EED6D896779D62BA581251D573
C:\Users\user\gangningerne\jot\mtn\Discomplexion\Sengeheste.txt	ASCII text, with CRLF line terminators	1459E91F25E94A3A75C331FEE10CE27B	98619C367B9C295221E9D419308A7160F927566B	71F06CE6041A49F416D50E6BC6FF252D44A4829209B9778352D5F03C8120CEA0
C:\Users\user\gangningerne\jot\mtn\Discomplexion\Soldede.Phy	ASCII text, with very long lines (65536), with no line terminators	0667E0457CC4EB7E2455A757544890F9	110F026C12E0C1A53FC59424741580ADC6C1CBCA	EFF5D379FC2733E5FD0860EB112E465A364BCB19C9F0652E4CFC57DD87F739D0
C:\Users\user\gangningerne\jot\mtn\Discomplexion\hulen.urh	data	731DFA6DF00249CAC29566287712DB7E	D0395A078EDEDE1FFF4B5F6921549257F9128864	1A039C58A7D2CA90AFFCF28F5ADBA163CE0E38109A8E258E28D49F5D9A5E157C
C:\Users\user\gangningerne\jot\mtn\Discomplexion\isvintrene.gaf	data	3FB3828F8898D364F7EE5607547E6040	9EA56ECEB3D57AB5AE8D3434A157BAECF424715F	51A0A1D3B04F367EA6F0294222D49E1D351376577ACE15734340092D11391081
C:\Users\user\gangningerne\jot\mtn\Discomplexion\rustling.avi	data	46E9E6BF651E043A929B22B6E20B22C2	C2E94B4CE6F9328A063B9A6E2427ADF528735164	5A12E8D8793E33175392D0743BCE73E93F877DCB1D9933079A19ADD4161D6D97
C:\Windows\Fonts\logorrheic.ini	ASCII text, with CRLF line terminators	40600272448BB9ADF1D91714A4C7A2BE	E7DBF46977F456296394B6B954868EDA9AA6023F	90E93C241E8033528681E2CA698B36EF573272E920B5A0A5E900D69C258DADB4

Windows Analysis Report WEAREX_IHRACAT.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
WEAREX_IHRACAT.exe

Malware Threat Intel
Provided by